Triage and Basic Incident Handling Handbook
This exercise provides students with experience of real-life incident reports, their ambiguity and complexity. After finishing the exercise they should understand what to focus on during initial analysis, how different factors may affect priorities and how to communicate with reporters as well as third parties. During the exercise, they will apply a given classification scheme to incidents – the purpose of this part of the exercise is to work on the consistent classification of disputable cases (eg, worm v scanning) across team members and possibly to suggest a clearer, more unambiguous classification scheme for the team.