RS.AN-03: Analysis is performed to establish what has taken place during an incident and the root cause of the incident
Implementation Examples
Ex1: Determine the sequence of events that occurred during the incident and which assets and resources were involved in each event
Ex2: Attempt to determine what vulnerabilities, threats, and threat actors were directly or indirectly involved in the incident
Ex3: Analyze the incident to find the underlying, systemic root causes
Ex4: Check any cyber deception technology for additional information on attacker behavior