Gsyfuy

Patience, young "Padovan"

In microwave frequencies, do you use a circulator when you need a (near) perfect diode?

Idomatic way to prevent slicing?

What do hard-Brexiteers want with respect to the Irish border?

How was Skylab's orbit inclination chosen?

Why is the maximum length of openwrt’s root password 8 characters?

What is the best strategy for white in this position?

Landlord wants to switch my lease to a "Land contract" to "get back at the city"

Is it worth rebuilding a wheel myself to save money?

Is there a name of the flying bionic bird?

Which Sci-Fi work first showed weapon of galactic-scale mass destruction?

What are the motivations for publishing new editions of an existing textbook, beyond new discoveries in a field?

Why don't Unix/Linux systems traverse through directories until they find the required version of a linked library?

Fractional alignment

What is the use of option -o in the useradd command?

Why is it "Tumoren" and not "Tumore"?

Does it makes sense to buy a new cycle to learn riding?

Feasability of miniature nuclear reactors for humanoid cyborgs

Geography at the pixel level

Time travel alters history but people keep saying nothing's changed

On the insanity of kings as an argument against Monarchy

Manuscript was "unsubmitted" because the manuscript was deposited in Arxiv Preprints

Springs with some finite mass

How can I fix this gap between bookcases I made?

What is the meaning of Triage in Cybersec world?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ margin-bottom:0;
}

5

1

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

add a comment | 

5

1

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

add a comment | 

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

share|improve this question

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

share|improve this question

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

edited 47 mins ago

schroeder♦

78.8k30175211

edited 47 mins ago

schroeder♦

78.8k30175211

asked 2 hours ago

victor26567victor26567

311

asked 2 hours ago

victor26567victor26567

311

1 Answer
1

active

oldest

votes

8

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Poor lil' Inspiron :(
  
  – Kyle Vassella
  29 mins ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207100%2fwhat-is-the-meaning-of-triage-in-cybersec-world%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

8

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Poor lil' Inspiron :(
  
  – Kyle Vassella
  29 mins ago
  

  
  
  
  

add a comment | 

8

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  2 hours ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  1
  

  
  
  
  
  
  

  
  
  Poor lil' Inspiron :(
  
  – Kyle Vassella
  29 mins ago
  

  
  
  
  

add a comment | 

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

share|improve this answer

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720

answered 2 hours ago

AdonalsiumAdonalsium

3,4711720