Ttyjukl

How are circuits which use complex ICs normally simulated?

How to deal with fear of taking dependencies

How to manage monthly salary

Why Did Howard Stark Use All The Vibranium They Had On A Prototype Shield?

How can I create a character who can assume the widest possible range of creature sizes?

description of papers that have not been submitted to a venue?

What do the Banks children have against barley water?

Why is the maximum length of openwrt’s root password 8 characters?

It's possible to achieve negative score?

JSON.serialize: is it possible to suppress null values of a map?

Should I use my personal or workplace e-mail when registering to external websites for work purpose?

Poison Arrows Piercing damage reduced to 0, do you still get poisoned?

"Riffle" two strings

Limit the amount of RAM Mathematica may access?

Manuscript was "unsubmitted" because the manuscript was deposited in Arxiv Preprints

On the insanity of kings as an argument against Monarchy

The difference between dialogue marks

"What time...?" or "At what time...?" - what is more grammatically correct?

What is this 4-propeller plane?

What is the best strategy for white in this position?

aging parents with no investments

Dual Citizen. Exited the US on Italian passport recently

In microwave frequencies, do you use a circulator when you need a (near) perfect diode?

What could be the right powersource for 15 seconds lifespan disposable giant chainsaw?

What is the meaning of Triage in Cybersec world?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

2

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

add a comment | 

2

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

add a comment | 

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

edited 11 mins ago

schroeder♦

78.8k30175211

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

asked 1 hour ago

victor26567victor26567

161

1 Answer
1

active

oldest

votes

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207100%2fwhat-is-the-meaning-of-triage-in-cybersec-world%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720