Decision gate
Definition
A checkpoint within a playbook at which the responder must evaluate a condition, such as whether data exfiltration has been confirmed, and choose one of two or more defined paths forward. Decision gates prevent responders from skipping critical assessments under time pressure.
Related terms
- Indicators of compromise (IoCs)
  - Artefacts observed on a network or system that suggest an intrusion or malicious activity has occurred, such as unusual outbound connections, known-malicious...
- Playbook
  - A documented step-by-step procedure for responding to a specific type of security event. Playbooks standardise analyst behaviour, reduce response time, and ensure...
- Runbook
  - A technical execution document, sometimes used interchangeably with playbook but more precisely refers to the low-level commands and scripts used during a...
- SOAR
  - Security Orchestration, Automation and Response. A platform that can execute playbook steps automatically, such as blocking an IP address or disabling a...
- Tabletop exercise
  - A structured, discussion-based simulation in which team members walk through a hypothetical incident using the playbook as a guide, without touching live...
Explained in
- Developing and Using Incident Response Playbooks