Zrjydtj

Inline version of a function returns different value then non-inline version

Inflated grade on resume at previous job, might former employer tell new employer?

Is flight data recorder erased after every flight?

Should I write numbers in words or as symbols in this case?

How to manage monthly salary

How to make payment on the internet without leaving a money trail?

JSON.serialize: is it possible to suppress null values of a map?

Can't find the latex code for the ⍎ (down tack jot) symbol

Can I write a for loop that iterates over both collections and arrays?

What is the use of option -o in the useradd command?

What is the meaning of Triage in Cybersec world?

Idomatic way to prevent slicing?

Falsification in Math vs Science

What do hard-Brexiteers want with respect to the Irish border?

Is there a name of the flying bionic bird?

Limit the amount of RAM Mathematica may access?

What does sndry explns mean in one of the Hitchhiker's guide books?

In microwave frequencies, do you use a circulator when you need a (near) perfect diode?

How to interpret this form of Heaps' Law?

How to deal with fear of taking dependencies

Evaluating number of iteration with a certain map with While

Landlord wants to switch my lease to a "Land contract" to "get back at the city"

What tool would a Roman-age civilisation use to reduce/breakup silver and other metals?

Time travel alters history but people keep saying nothing's changed

What is the meaning of Triage in Cybersec world?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;

2

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

add a comment | 

2

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

add a comment | 

I searched Google about this term, but the definitions that I found was related to the medical world, and nothing related to IT. I think that is some kind of procedure of documenting something maybe? Note that I heard this word for the first time in the SOC (Security Operations Center) that I am currently working.

terminology soc

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

share|improve this question

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

edited 11 mins ago

schroeder♦

78.8k30175211

edited 11 mins ago

schroeder♦

78.8k30175211

asked 1 hour ago

victor26567victor26567

161

asked 1 hour ago

victor26567victor26567

161

1 Answer
1

active

oldest

votes

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f207100%2fwhat-is-the-meaning-of-triage-in-cybersec-world%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

4

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  wow, thanks a lot. So, in brief, it is like prioritize which systems you want to restore, because there are many of them, and you cant work with all of them at the same time, right?
  
  – victor26567
  1 hour ago
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Pretty much. It's just deciding what systems make the most sense to fix first, because you have limited resources.
  
  – Adonalsium
  1 hour ago
  

  
  
  
  

add a comment | 

We just got reports that 4000 of our systems are infected with ransomeware.

3000 are end users, 800 are non-critical servers, 200 are critical servers.

Triage is looking at this mess and deciding which order to start restoring systems in. We can't tackle them all at once, so we have to look at some and say 'Sorry, little Inspiron that couldn't, you get to sit there and be useless for a while.'

It comes from the medical world, as you've stated. It's the same reasoning as an ER doctor looking at two patients and deciding to work on the one that they're more certain they can save. You let one go, as hard as it may be, so that the other might live. If you'd worked on the worse injured person, it's possible they both would have died.

The difference in the security world is that often it's dollars lost due to users being unable to work, rather than literal life and death. You work on the systems that you are most likely to be able to restore, and that will return the largest amount of productivity to the environment. You leave the individual laptops that only affect a single user to the side, for now.

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

share|improve this answer

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720

answered 1 hour ago

AdonalsiumAdonalsium

3,4311720