
Escalation threshold

Definition

A defined criterion, based on severity level, asset type, or indicator type, that triggers handoff of an alert from a first-tier analyst to a more senior analyst or to a specialist team. Escalation thresholds are defined in the incident response plan and should be documented rather than left to analyst discretion.

Related terms

Alert fatigue
The condition in which analysts receive more alerts than they can meaningfully review, leading to delayed responses, dismissed true positives, and reduced...
Asset criticality
A pre-assigned score or label that records how important a system, service, or data set is to the organisation. Used during triage...
False positive
A test result that indicates the presence of a target analyte when it is absent. In forensic serology this may mean incorrectly...
Severity matrix
A two-dimensional scoring tool that combines technical impact and business impact to assign a severity level to a confirmed incident. Outputs are...
Triage
The structured process of evaluating an alert to determine whether it is a genuine security incident and, if so, what severity level...

Explained in

  • Triage and Incident Prioritisation
