incident-response
Installation
SKILL.md
Incident Response Skill
Purpose
Establish comprehensive procedures for detecting, analyzing, containing, eradicating, and recovering from security incidents across all Hack23 projects, aligned with NIST SP 800-61r2 and ISO 27035.
Rules
Incident Classification
MUST classify incidents by severity:
| Severity | Description | Response Time | Escalation |
|---|---|---|---|
| Critical | Active exploitation, data breach, system compromise | 1 hour | CEO immediate |
| High | Vulnerability with exploit available, unauthorized access attempt | 4 hours | CEO within 24h |
| Medium | Suspicious activity, policy violation, failed attacks | 24 hours | Weekly review |
| Low | Minor policy deviations, informational alerts | 72 hours | Monthly review |