What is the meaning of Triage in Cybersec world?
I searched Google about this term, but the definitions that I found were related to the medical world, and nothing related to IT. I think that it is some kind of procedure of documenting something, maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) where I am currently working.
terminology soc
edited 50 mins ago
schroeder♦
asked 2 hours ago
victor26567
1 Answer
We just got reports that 4000 of our systems are infected with ransomware.
3000 are end users, 800 are non-critical servers, 200 are critical servers.
Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'
It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.
The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.
answered 2 hours ago
Adonalsium
Wow, thanks a lot. So, in brief, it is like prioritizing which systems you want to restore, because there are many of them, and you can't work with all of them at the same time, right?
– victor26567
2 hours ago
Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
– Adonalsium
1 hour ago
1
Poor lil' Inspiron :(
– Kyle Vassella
32 mins ago
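The prioritisation described in the answer, as an added example that is not part of the original post: it ranks groups of infected systems by expected productivity regained per technician-hour and spends a limited pool of hours in that order. The system counts come from the answer; the restore probabilities, productivity values, hours per system and the 2,400-hour budget are assumed figures for illustration.

```python
from dataclasses import dataclass


@dataclass
class Group:
    name: str
    count: int             # infected systems in the group (from the answer)
    p_restore: float       # assumed chance that a restore attempt succeeds
    value_per_hour: float  # assumed productivity regained per restored system
    hours_to_fix: float    # assumed technician-hours needed per system

    @property
    def score(self) -> float:
        # Expected productivity regained for each technician-hour spent.
        return self.p_restore * self.value_per_hour / self.hours_to_fix


def triage(groups, tech_hours):
    """Spend limited technician-hours on the highest-scoring groups first.

    Returns (plan, deferred): plan lists (group, systems to restore now) in
    work order; deferred lists (group, systems that have to wait).
    """
    plan, deferred = [], []
    for g in sorted(groups, key=lambda g: g.score, reverse=True):
        n = min(g.count, int(tech_hours // g.hours_to_fix))
        if n:
            plan.append((g.name, n))
            tech_hours -= n * g.hours_to_fix
        if n < g.count:
            deferred.append((g.name, g.count - n))
    return plan, deferred


# Constructed sample: counts from the answer, every other figure is assumed.
FLEET = [
    Group("end-user laptops", 3000, 0.95, 40.0, 1.0),
    Group("non-critical servers", 800, 0.90, 300.0, 3.0),
    Group("critical servers", 200, 0.80, 5000.0, 6.0),
]

if __name__ == "__main__":
    plan, deferred = triage(FLEET, tech_hours=2400)
    for name, n in plan:
        print(f"restore now: {n:>4} x {name}")
    for name, n in deferred:
        print(f"deferred:    {n:>4} x {name}")
```

With these assumed figures the hours run out partway through the non-critical servers, so every laptop is deferred, which is the "little Inspiron" outcome the answer describes.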