Skip to content
Log in

Phase granularity

Definition

The number and specificity of discrete steps a framework defines within the IR lifecycle. Higher granularity, as in SANS PICERL's six steps versus NIST's four phases, supports more precise status tracking during complex incidents but can add overhead in smaller teams.

Related terms

CREST
A UK-based not-for-profit professional body that publishes practitioner-focused incident response guidelines and operates accreditation schemes for IR service providers. CREST guidance emphasises...
Framework blending
The practice of combining elements of multiple IR frameworks: for example, using NIST as the strategic backbone, SANS phase names in operational...
ISO/IEC 27035
An international standard for information security incident management. Part 1 covers principles and concepts; Part 2 covers planning and preparation. It defines...
NIST SP 800-61
The US National Institute of Standards and Technology's Computer Security Incident Handling Guide. It defines a four-phase IR lifecycle: Preparation; Detection and...
SANS PICERL
A six-step incident response model developed through SANS Institute training: Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. PICERL breaks NIST's combined response...

Explained in

  • Comparing Incident Response FrameworksThe number and specificity of discrete steps a framework defines within the IR lifecycle. Higher granularity, as in SANS PICERL's six steps versus NIST's four...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account