Developing Containment Strategies

AWS Security Incident Response encourages you to consider containment strategies for each major event type that fit within your risk appetite. Document clear criteria to help with decision-making during an event. Criteria to consider include:

Potential damage to resources
Preservation of evidence and regulatory requirements
Service unavailability (for example, network connectivity, services provided to external parties)
Time and resources needed to implement the strategy
Effectiveness of the strategy (for example, partial vs. full containment)
Permanence of the solution (for example, reversible vs. irreversible)
Duration of the solution (for example, emergency workaround, temporary workaround, permanent solution)

Apply security controls that can lower risk and allow time to define and implement a more effective containment strategy.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

S3 Containment

Staged Containment Approach