incident-response
Incident Response Skill
Purpose
Establish comprehensive procedures for detecting, analyzing, containing, eradicating, and recovering from security incidents across all Hack23 projects, aligned with NIST SP 800-61r2 and ISO 27035.
Rules
Incident Classification
MUST classify incidents by severity:
| Severity | Description | Response Time | Escalation |
|---|---|---|---|
| Critical | Active exploitation, data breach, system compromise | 1 hour | CEO immediate |
| High | Vulnerability with exploit available, unauthorized access attempt | 4 hours | CEO within 24h |
| Medium | Suspicious activity, policy violation, failed attacks | 24 hours | Weekly review |
| Low | Minor policy deviations, informational alerts | 72 hours | Monthly review |
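To make the classification table enforceable in tooling, here is an added example (not part of the Hack23 skill itself) that maps an incident description to a severity using the table's Description phrases, derives the response deadline and escalation rule, and flags a missed response window. The `Incident` record, the phrase matching and the sample ticket are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Severity table from this skill: response-time window and escalation rule.
SEVERITY = {
    "Critical": (timedelta(hours=1), "CEO immediate"),
    "High": (timedelta(hours=4), "CEO within 24h"),
    "Medium": (timedelta(hours=24), "Weekly review"),
    "Low": (timedelta(hours=72), "Monthly review"),
}
# Indicator phrases taken from the table's Description column, most severe first.
INDICATORS = [
    ("Critical", ("active exploitation", "data breach", "system compromise")),
    ("High", ("exploit available", "unauthorized access attempt")),
    ("Medium", ("suspicious activity", "policy violation", "failed attack")),
    ("Low", ("policy deviation", "informational")),
]

def classify(description: str) -> Optional[str]:
    """Most severe class whose phrase appears; None means manual classification."""
    text = description.lower()
    for severity, phrases in INDICATORS:
        if any(p in text for p in phrases):
            return severity
    return None

@dataclass
class Incident:
    ticket: str
    description: str
    detected_at: datetime
    responded_at: Optional[datetime] = None  # None = not yet responded

def triage(incident: Incident, now: datetime) -> dict:
    """Classify the incident and check its response time against the table."""
    severity = classify(incident.description)
    if severity is None:
        return {"ticket": incident.ticket, "severity": None, "needs_manual_review": True}
    window, escalation = SEVERITY[severity]
    deadline = incident.detected_at + window
    # Open incidents run against the clock until now; closed ones until response.
    clock = incident.responded_at or now
    return {"ticket": incident.ticket, "severity": severity, "deadline": deadline,
            "escalation": escalation, "sla_breached": clock > deadline}

if __name__ == "__main__":  # constructed sample, not real Hack23 data
    now = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    inc = Incident("INC-1", "Active exploitation of the web app", now - timedelta(hours=2))
    print(triage(inc, now))
```

Descriptions that match no phrase are deliberately returned as unclassified rather than defaulted to Low, so they surface for a human decision instead of silently getting the longest response window.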