nis2-agile/docs/nis2/incidente_r01/incident-pir.html
DevEnv nis2-agile 5c545ea3d0 [FEAT] Integration of docs/nis2 analysis v1.7.0 — asset scoring, incident taxonomy, PIR, NIST CSF, authoritative sources
Phase 1 - NIS2 Asset Relevance Scoring (GV.OC-04): 0-100 methodology with 6 criteria,
  AssetScoringService + scoringGrid/score/relevantSystems endpoints + assets.html UI + printable register.
Phase 2 - Incident taxonomy per ACN Determination 164179/2025: IS-1..4 + essential/important regime (Annexes 3/4).
Phase 3 - Post-Incident Review (5-Whys) + TTD/TTC/TTR metrics + phase timestamps.
Phase 4 - NIST CSF 2.0 mapping (43 controls), reference-only.
Authoritative sources: config/nis2_sources.php registry + AI grounding (forbids invented references) +
  help.js citations + ingestion of regulatory PDFs into the RAG KB (scripts/ingest-nis2-sources.php).
Migrations 020/021/022 (additive, idempotent). Fix VectorService Qdrant IP (drift .5->.3).
Evix competitive analysis (docs/EVIX_ANALISI_CONCORRENZA.html, gap-driven).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-29 17:15:13 +02:00


<!DOCTYPE html>
<html lang="it">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Post-Incident Review - INC-2024-047</title>
<style>
:root {
--bg-primary: #0d1117;
--bg-secondary: #161b22;
--bg-tertiary: #1c2128;
--border-color: #30363d;
--text-primary: #c9d1d9;
--text-secondary: #8b949e;
--accent-primary: #58a6ff;
--success: #3fb950;
--warning: #d29922;
--danger: #f85149;
}
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
body {
font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', 'Noto Sans', Helvetica, Arial, sans-serif;
background-color: var(--bg-primary);
color: var(--text-primary);
line-height: 1.6;
overflow-y: auto;
}
.container {
max-width: 1400px;
margin: 0 auto;
padding: 20px;
}
.header {
background-color: var(--bg-secondary);
border-bottom: 1px solid var(--border-color);
padding: 24px 0;
margin-bottom: 32px;
position: sticky;
top: 0;
z-index: 100;
}
.header-content {
max-width: 1400px;
margin: 0 auto;
padding: 0 20px;
display: flex;
justify-content: space-between;
align-items: center;
}
.header h1 {
font-size: 24px;
font-weight: 600;
color: var(--text-primary);
}
.breadcrumb {
font-size: 13px;
color: var(--text-secondary);
margin-top: 4px;
}
.breadcrumb a {
color: var(--accent-primary);
text-decoration: none;
}
.btn {
padding: 8px 16px;
background-color: var(--bg-tertiary);
border: 1px solid var(--border-color);
border-radius: 6px;
color: var(--text-primary);
font-size: 13px;
font-weight: 500;
cursor: pointer;
transition: all 0.2s;
text-decoration: none;
}
.btn:hover {
border-color: var(--accent-primary);
}
.btn-primary {
background-color: var(--accent-primary);
border-color: var(--accent-primary);
color: white;
}
.btn-primary:hover {
background-color: #1f6feb;
}
.alert-box {
background-color: rgba(88, 166, 255, 0.1);
border: 1px solid var(--accent-primary);
border-left: 4px solid var(--accent-primary);
border-radius: 6px;
padding: 20px;
margin-bottom: 24px;
}
.alert-title {
font-weight: 600;
margin-bottom: 8px;
font-size: 15px;
}
.alert-content {
font-size: 13px;
color: var(--text-secondary);
line-height: 1.6;
}
.section {
background-color: var(--bg-secondary);
border: 1px solid var(--border-color);
border-radius: 6px;
padding: 24px;
margin-bottom: 24px;
}
.section-title {
font-size: 18px;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 20px;
padding-bottom: 12px;
border-bottom: 1px solid var(--border-color);
}
.metrics-grid {
display: grid;
grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
gap: 16px;
margin-bottom: 24px;
}
.metric-card {
background-color: var(--bg-tertiary);
border: 1px solid var(--border-color);
border-radius: 6px;
padding: 16px;
text-align: center;
}
.metric-label {
font-size: 11px;
color: var(--text-secondary);
text-transform: uppercase;
letter-spacing: 0.5px;
margin-bottom: 8px;
}
.metric-value {
font-size: 28px;
font-weight: 700;
color: var(--text-primary);
}
.metric-value.success {
color: var(--success);
}
.metric-value.warning {
color: var(--warning);
}
.form-group {
margin-bottom: 20px;
}
.form-label {
display: block;
font-size: 13px;
font-weight: 600;
color: var(--text-primary);
margin-bottom: 8px;
}
.form-textarea {
width: 100%;
padding: 12px;
background-color: var(--bg-tertiary);
border: 1px solid var(--border-color);
border-radius: 6px;
color: var(--text-primary);
font-size: 14px;
font-family: inherit;
resize: vertical;
min-height: 100px;
}
.form-textarea:focus {
outline: none;
border-color: var(--accent-primary);
}
.data-table {
width: 100%;
border-collapse: collapse;
font-size: 13px;
}
.data-table th {
background-color: var(--bg-tertiary);
color: var(--text-secondary);
font-weight: 600;
text-align: left;
padding: 10px 12px;
border: 1px solid var(--border-color);
font-size: 11px;
text-transform: uppercase;
}
.data-table td {
padding: 10px 12px;
border: 1px solid var(--border-color);
color: var(--text-primary);
}
.priority-high {
color: var(--danger);
font-weight: 700;
}
.priority-medium {
color: var(--warning);
font-weight: 600;
}
.priority-low {
color: var(--text-secondary);
}
.status-badge {
display: inline-block;
padding: 4px 8px;
border-radius: 3px;
font-size: 11px;
font-weight: 600;
text-transform: uppercase;
}
.status-planned {
background-color: rgba(88, 166, 255, 0.2);
color: var(--accent-primary);
border: 1px solid var(--accent-primary);
}
.status-progress {
background-color: rgba(210, 153, 34, 0.2);
color: var(--warning);
border: 1px solid var(--warning);
}
.status-completed {
background-color: rgba(63, 185, 80, 0.2);
color: var(--success);
border: 1px solid var(--success);
}
</style>
</head>
<body>
<div class="header">
<div class="header-content">
<div>
<h1>📊 Post-Incident Review - INC-2024-047</h1>
<div class="breadcrumb">
<a href="dashboard.html">NIS2 Dashboard</a> /
<a href="incident-dashboard.html">Incident Management</a> /
<a href="incident-detail.html?id=INC-2024-047">INC-2024-047</a> /
Post-Incident Review
</div>
</div>
<div style="display: flex; gap: 8px;">
<button class="btn" onclick="exportPIR()">📄 Export Report</button>
<a href="incident-detail.html?id=INC-2024-047" class="btn">← Back to Incident</a>
</div>
</div>
</div>
<div class="container">
<div class="alert-box">
<div class="alert-title"> Post-Incident Review (RC.CO-03)</div>
<div class="alert-content">
Full analysis of the incident to identify lessons learned and improvement actions.
To be completed within <strong>2 weeks of closure</strong> for SEV-1/SEV-2 incidents.
<br><br>
<strong>Required participants:</strong> Incident Response Team, CISO, heads of affected divisions, Management (for SEV-1)
</div>
</div>
<!-- Incident Metrics -->
<div class="section">
<div class="section-title">Incident Metrics</div>
<div class="metrics-grid">
<div class="metric-card">
<div class="metric-label">TTD (Time to Detect)</div>
<div class="metric-value success">0.5h</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">Target: &lt;2h</div>
</div>
<div class="metric-card">
<div class="metric-label">TTC (Time to Contain)</div>
<div class="metric-value warning">2.2h</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">Target SEV-1: &lt;1h</div>
</div>
<div class="metric-card">
<div class="metric-label">TTR (Time to Recover)</div>
<div class="metric-value success">30.25h</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">RTO: ≤48h ✅</div>
</div>
<div class="metric-card">
<div class="metric-label">Total Downtime</div>
<div class="metric-value warning">30h 15m</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">45 users affected</div>
</div>
<div class="metric-card">
<div class="metric-label">Estimated Cost</div>
<div class="metric-value">€12.5K</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">Direct + indirect</div>
</div>
<div class="metric-card">
<div class="metric-label">Notification Compliance</div>
<div class="metric-value success">100%</div>
<div style="font-size: 11px; color: var(--text-secondary); margin-top: 4px;">CSIRT within 24h ✅</div>
</div>
</div>
</div>
<!-- Root Cause Analysis -->
<div class="section">
<div class="section-title">Root Cause Analysis (5 Whys)</div>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px; margin-bottom: 20px;">
<div style="margin-bottom: 16px;">
<strong style="color: var(--accent-primary);">Problem:</strong> Attempted ransomware attack on ERP server
</div>
<div style="margin-bottom: 12px;">
<strong style="color: var(--text-primary);">1. Why did it happen?</strong><br>
<span style="color: var(--text-secondary);">→ Because a user opened a malicious attachment from a phishing email</span>
</div>
<div style="margin-bottom: 12px;">
<strong style="color: var(--text-primary);">2. Why did the user open the attachment?</strong><br>
<span style="color: var(--text-secondary);">→ Because the email looked legitimate (supplier spoofing) and the user did not recognize the signs of phishing</span>
</div>
<div style="margin-bottom: 12px;">
<strong style="color: var(--text-primary);">3. Why did the user not recognize the phishing?</strong><br>
<span style="color: var(--text-secondary);">→ Because security awareness training was not sufficiently frequent and hands-on</span>
</div>
<div style="margin-bottom: 12px;">
<strong style="color: var(--text-primary);">4. Why were the user's credentials already compromised?</strong><br>
<span style="color: var(--text-secondary);">→ Because the user used the same password on external services (undetected credential stuffing attack)</span>
</div>
<div>
<strong style="color: var(--text-primary);">5. Why was MFA not mandatory on administrative accounts?</strong><br>
<span style="color: var(--text-secondary);">→ Because the MFA policy was in gradual rollout and not yet applied to all admin accounts</span>
</div>
</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; border-left: 4px solid var(--danger);">
<strong style="color: var(--danger);">ROOT CAUSE IDENTIFIED:</strong><br>
<span style="color: var(--text-secondary); font-size: 13px;">
1. MFA not mandatory on all administrative accounts<br>
2. Awareness training not sufficiently effective<br>
3. Credential stuffing monitoring not active<br>
4. Weak password policy (reuse on external services)
</span>
</div>
</div>
<!-- Response Effectiveness Assessment -->
<div class="section">
<div class="section-title">Response Effectiveness Assessment</div>
<table class="data-table">
<thead>
<tr>
<th>Phase</th>
<th>Rating</th>
<th>Strengths</th>
<th>Areas for Improvement</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Detection</strong></td>
<td><span style="color: var(--success); font-weight: 600;">✅ Excellent</span></td>
<td>EDR blocked the malware immediately. TTD: 0.5h</td>
<td>None - detection effective</td>
</tr>
<tr>
<td><strong>Triage</strong></td>
<td><span style="color: var(--success); font-weight: 600;">✅ Good</span></td>
<td>Correct classification within 1h. Crisis Team activated promptly</td>
<td>Decision-making process can be sped up further</td>
</tr>
<tr>
<td><strong>Containment</strong></td>
<td><span style="color: var(--warning); font-weight: 600;">⚠️ Adequate</span></td>
<td>Rapid isolation. No propagation</td>
<td>TTC 2.2h &gt; 1h target for SEV-1. Isolation procedures to be optimized</td>
</tr>
<tr>
<td><strong>Eradication</strong></td>
<td><span style="color: var(--success); font-weight: 600;">✅ Good</span></td>
<td>Threat fully removed. Hardening applied</td>
<td>Forensic analysis takes longer than planned</td>
</tr>
<tr>
<td><strong>Recovery</strong></td>
<td><span style="color: var(--success); font-weight: 600;">✅ Good</span></td>
<td>TTR 30.25h &lt; RTO 48h. Immutable backup effective</td>
<td>Post-recovery verification process can be standardized</td>
</tr>
<tr>
<td><strong>Communications</strong></td>
<td><span style="color: var(--success); font-weight: 600;">✅ Excellent</span></td>
<td>CSIRT early warning within 24h. Timely internal communications</td>
<td>Communication templates can be pre-filled</td>
</tr>
</tbody>
</table>
</div>
<!-- Identified Gaps -->
<div class="section">
<div class="section-title">Identified Gaps</div>
<div class="form-group">
<label class="form-label">1. TECHNICAL GAPS</label>
<textarea class="form-textarea" readonly>• MFA not mandatory on all administrative accounts
• No credential stuffing monitoring
• Email anti-phishing filters not sufficiently effective
• Automatic isolation procedures not implemented
• Containment time above target for SEV-1</textarea>
</div>
<div class="form-group">
<label class="form-label">2. PROCEDURAL GAPS</label>
<textarea class="form-textarea" readonly>• MFA policy in gradual rollout (not completed)
• Rapid isolation procedure not documented
• SEV-1 containment checklist not available in a quick-reference format
• Crisis Team escalation process can be optimized
• Communication templates not pre-filled</textarea>
</div>
<div class="form-group">
<label class="form-label">3. ORGANIZATIONAL GAPS</label>
<textarea class="form-textarea" readonly>• Awareness training not frequent enough
• Phishing simulations not held regularly
• Weak password policy (reuse on external services not explicitly prohibited)
• Limited in-house forensics skills (dependence on external consultants)</textarea>
</div>
<div class="form-group">
<label class="form-label">4. TRAINING GAPS</label>
<textarea class="form-textarea" readonly>• Users not trained to recognize advanced phishing
• Administrative accounts without specific training on targeted threats
• Insufficient awareness of password reuse
• Incident response tabletop exercises not held regularly</textarea>
</div>
</div>
<!-- Corrective Actions -->
<div class="section">
<div class="section-title">Corrective Action Plan</div>
<table class="data-table">
<thead>
<tr>
<th>ID</th>
<th>Corrective Action</th>
<th>Category</th>
<th>Priority</th>
<th>Owner</th>
<th>Due Date</th>
<th>Org. Ref.</th>
<th>Status</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>AC-001</strong></td>
<td>Implement mandatory MFA on ALL administrative accounts</td>
<td>Technical</td>
<td><span class="priority-high">HIGH</span></td>
<td>IT Manager</td>
<td>2024-03-20</td>
<td>Org.03</td>
<td><span class="status-badge status-progress">In progress</span></td>
</tr>
<tr>
<td><strong>AC-002</strong></td>
<td>Implement credential stuffing monitoring in the SIEM</td>
<td>Technical</td>
<td><span class="priority-high">HIGH</span></td>
<td>SOC Lead</td>
<td>2024-03-25</td>
<td>Org.09</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-003</strong></td>
<td>Strengthen anti-phishing filters on the email gateway</td>
<td>Technical</td>
<td><span class="priority-high">HIGH</span></td>
<td>IT Security</td>
<td>2024-03-15</td>
<td>Org.08</td>
<td><span class="status-badge status-progress">In progress</span></td>
</tr>
<tr>
<td><strong>AC-004</strong></td>
<td>Implement automatic isolation of compromised endpoints</td>
<td>Technical</td>
<td><span class="priority-medium">MEDIUM</span></td>
<td>IT Security</td>
<td>2024-04-15</td>
<td>Org.08</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-005</strong></td>
<td>Update password policy (prohibit reuse on external services)</td>
<td>Procedural</td>
<td><span class="priority-high">HIGH</span></td>
<td>CISO</td>
<td>2024-03-10</td>
<td>Org.03</td>
<td><span class="status-badge status-progress">In progress</span></td>
</tr>
<tr>
<td><strong>AC-006</strong></td>
<td>Create quick-reference SEV-1 containment checklist</td>
<td>Procedural</td>
<td><span class="priority-medium">MEDIUM</span></td>
<td>CISO</td>
<td>2024-03-15</td>
<td>Org.10</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-007</strong></td>
<td>Prepare pre-filled communication templates</td>
<td>Procedural</td>
<td><span class="priority-low">LOW</span></td>
<td>CISO</td>
<td>2024-04-30</td>
<td>Org.10</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-008</strong></td>
<td>Increase awareness training frequency (monthly)</td>
<td>Training</td>
<td><span class="priority-high">HIGH</span></td>
<td>HR + CISO</td>
<td>2024-04-01</td>
<td>Org.04</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-009</strong></td>
<td>Implement quarterly phishing simulations</td>
<td>Training</td>
<td><span class="priority-medium">MEDIUM</span></td>
<td>CISO</td>
<td>2024-04-15</td>
<td>Org.04</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-010</strong></td>
<td>Specific training for administrative accounts on targeted threats</td>
<td>Training</td>
<td><span class="priority-medium">MEDIUM</span></td>
<td>CISO</td>
<td>2024-03-30</td>
<td>Org.04</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-011</strong></td>
<td>Update risk assessment with new ransomware scenario</td>
<td>Organizational</td>
<td><span class="priority-high">HIGH</span></td>
<td>CISO</td>
<td>2024-03-20</td>
<td>Org.05</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
<tr>
<td><strong>AC-012</strong></td>
<td>Plan ransomware tabletop exercise</td>
<td>Organizational</td>
<td><span class="priority-medium">MEDIUM</span></td>
<td>CISO</td>
<td>2024-05-31</td>
<td>Org.08</td>
<td><span class="status-badge status-planned">Planned</span></td>
</tr>
</tbody>
</table>
<div style="margin-top: 24px; padding: 16px; background: var(--bg-tertiary); border-radius: 6px;">
<strong style="color: var(--text-primary);">Action Summary:</strong><br>
<div style="display: flex; gap: 24px; margin-top: 12px; font-size: 13px;">
<div>
<span style="color: var(--text-secondary);">Total:</span>
<strong style="color: var(--text-primary);"> 12</strong>
</div>
<div>
<span style="color: var(--text-secondary);">High priority:</span>
<strong style="color: var(--danger);"> 6</strong>
</div>
<div>
<span style="color: var(--text-secondary);">Medium priority:</span>
<strong style="color: var(--warning);"> 5</strong>
</div>
<div>
<span style="color: var(--text-secondary);">Low priority:</span>
<strong style="color: var(--text-secondary);"> 1</strong>
</div>
</div>
</div>
</div>
<!-- Recommendations -->
<div class="section">
<div class="section-title">Recommendations and Lessons Learned</div>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px; margin-bottom: 16px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--success); margin-bottom: 12px;">
✅ WHAT WORKED WELL
</h4>
<ul style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; margin-left: 20px;">
<li>EDR blocked the ransomware immediately, before encryption</li>
<li>Immutable backup enabled fast and safe recovery</li>
<li>Crisis Team responded promptly and in a coordinated manner</li>
<li>CSIRT communications delivered on time (early warning within 24h)</li>
<li>No propagation of the attack to other systems</li>
<li>Effective preservation of forensic evidence</li>
</ul>
</div>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px; margin-bottom: 16px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--warning); margin-bottom: 12px;">
⚠️ WHAT TO IMPROVE
</h4>
<ul style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; margin-left: 20px;">
<li>Containment time (2.2h) above the SEV-1 target (&lt;1h)</li>
<li>MFA was not mandatory on administrative accounts</li>
<li>Awareness training not sufficiently effective</li>
<li>No credential stuffing monitoring</li>
<li>Rapid isolation procedures not documented</li>
</ul>
</div>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px;">
<h4 style="font-size: 14px; font-weight: 600; color: var(--accent-primary); margin-bottom: 12px;">
💡 KEY LESSONS LEARNED
</h4>
<ol style="font-size: 13px; color: var(--text-secondary); line-height: 1.8; margin-left: 20px;">
<li><strong>MFA is fundamental:</strong> The absence of MFA on administrative accounts was the critical vulnerability. Immediate implementation is mandatory.</li>
<li><strong>Immutable backup saves the day:</strong> The immutable backup prevented data loss and enabled fast recovery. An essential investment.</li>
<li><strong>EDR effective but not sufficient:</strong> EDR blocked the malware but did not prevent the phishing. A multi-layer approach is needed.</li>
<li><strong>Continuous training is necessary:</strong> Sporadic awareness is not effective. Continuous training and practical simulations are needed.</li>
<li><strong>Automated procedures reduce TTC:</strong> Manual isolation took time. Automation can significantly reduce TTC.</li>
<li><strong>Timely communications are crucial:</strong> Meeting CSIRT deadlines and timely internal communications avoided legal/reputational complications.</li>
</ol>
</div>
</div>
<!-- Finalization -->
<div class="section">
<div class="section-title">Post-Incident Review Finalization</div>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 6px; margin-bottom: 20px;">
<strong style="color: var(--text-primary);">PIR participants:</strong><br>
<ul style="font-size: 13px; color: var(--text-secondary); margin-top: 8px; margin-left: 20px;">
<li>CISO - P. Lombardi (coordinator)</li>
<li>SOC Lead - L. Verdi</li>
<li>System Admin - G. Rossi</li>
<li>Forensics Team - A. Neri</li>
<li>IT Manager - M. Bianchi</li>
<li>Head of Finance Division - S. Neri</li>
<li>Management - Board (CdA) Representative</li>
</ul>
</div>
<div style="display: flex; gap: 12px; justify-content: flex-end; padding-top: 24px; border-top: 1px solid var(--border-color);">
<button class="btn" onclick="savePIRDraft()">Save Draft</button>
<button class="btn" onclick="exportPIR()">📄 Export Report</button>
<button class="btn btn-primary" onclick="completePIR()">✅ Finalize PIR and Close Incident</button>
</div>
</div>
</div>
<script>
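// Demo stub: only shows a confirmation; nothing is persisted.
function savePIRDraft() {
alert('Post-Incident Review draft saved successfully.');
}
// Shows a modal listing the export files for this incident (static mock-up).
function exportPIR() {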
const tooltip = document.createElement('div');
tooltip.style.cssText = `
position: fixed;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
background: var(--bg-secondary);
border: 1px solid var(--border-color);
border-radius: 8px;
padding: 24px;
box-shadow: 0 8px 24px rgba(0,0,0,0.5);
z-index: 10000;
max-width: 500px;
`;
tooltip.innerHTML = `
<h3 style="margin-bottom: 16px; color: var(--text-primary);">📄 Post-Incident Review Report Export</h3>
<p style="color: var(--text-secondary); margin-bottom: 16px; font-size: 13px;">
Full PIR report for incident INC-2024-047
</p>
<div style="background: var(--bg-tertiary); padding: 16px; border-radius: 4px; margin-bottom: 16px; font-family: monospace; font-size: 12px;">
📄 PIR_INC-2024-047_Report_Completo.pdf<br>
📄 PIR_INC-2024-047_Azioni_Correttive.xlsx<br>
📄 PIR_INC-2024-047_Executive_Summary.pdf<br>
📄 PIR_INC-2024-047_Lesson_Learned.docx
</div>
<button onclick="this.parentElement.remove()" style="width: 100%; padding: 10px; background: var(--accent-primary); border: none; border-radius: 6px; color: white; font-weight: 600; cursor: pointer;">
Close
</button>
`;
document.body.appendChild(tooltip);
}
// Shows the completion modal with the final summary and links to the next steps.
function completePIR() {
const tooltip = document.createElement('div');
tooltip.style.cssText = `
position: fixed;
top: 50%;
left: 50%;
transform: translate(-50%, -50%);
background: var(--bg-secondary);
border: 2px solid var(--success);
border-radius: 8px;
padding: 32px;
box-shadow: 0 8px 24px rgba(0,0,0,0.5);
z-index: 10000;
max-width: 600px;
text-align: center;
`;
tooltip.innerHTML = `
<div style="font-size: 48px; margin-bottom: 16px;">✅</div>
<h2 style="color: var(--success); margin-bottom: 16px;">Post-Incident Review Completed</h2>
<p style="color: var(--text-secondary); margin-bottom: 24px; font-size: 14px;">
Incident INC-2024-047 officially closed
</p>
<div style="background: var(--bg-tertiary); padding: 20px; border-radius: 6px; margin-bottom: 24px; text-align: left;">
<p style="font-size: 13px; color: var(--text-secondary); margin-bottom: 12px;"><strong>Final Summary:</strong></p>
<ul style="font-size: 13px; color: var(--text-secondary); margin-left: 20px;">
<li>12 corrective actions identified and assigned</li>
<li>6 high-priority actions being tracked</li>
<li>Risk assessment updated (Org.05)</li>
<li>Lessons learned shared with the team</li>
<li>PIR report distributed to stakeholders</li>
<li>Final CSIRT report still to be completed</li>
</ul>
<p style="font-size: 13px; color: var(--text-secondary); margin-top: 16px;">
<strong>Next steps:</strong> Monitoring of corrective actions through the non-conformity system (ID.IM-01)
</p>
</div>
<div style="display: flex; gap: 12px;">
<button onclick="window.location.href='incident-dashboard.html'" style="flex: 1; padding: 12px; background: var(--bg-tertiary); border: 1px solid var(--border-color); border-radius: 6px; color: var(--text-primary); font-weight: 600; cursor: pointer;">
Incident Dashboard
</button>
<button onclick="window.location.href='incident-notification.html?id=INC-2024-047&action=final'" style="flex: 1; padding: 12px; background: var(--accent-primary); border: none; border-radius: 6px; color: white; font-weight: 600; cursor: pointer;">
Complete Final CSIRT Report
</button>
</div>
`;
document.body.appendChild(tooltip);
}
</script>
</body>
</html>
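
Added example, not part of the nis2-agile file above: the metric cards hard-code both the TTD/TTC/TTR values and their `success`/`warning` classes, so the sketch below derives them from phase timestamps and the targets printed on the cards. The timestamps are constructed to reproduce the page's values; the metric definitions (TTD = occurrence to detection, TTC = detection to containment, TTR = detection to recovery) and all function and field names are assumptions.

```javascript
// Added example: derive PIR metrics from phase timestamps (all names are hypothetical).
const HOUR_MS = 60 * 60 * 1000;

// Targets as printed on the metric cards: TTD < 2h, TTC (SEV-1) < 1h, TTR <= RTO 48h.
const TARGETS = {
  ttd: { limitHours: 2, inclusive: false },
  ttc: { limitHours: 1, inclusive: false },
  ttr: { limitHours: 48, inclusive: true },
};

// Assumed definitions: the pair of phase timestamps that bounds each metric.
const INTERVALS = {
  ttd: ['occurredAt', 'detectedAt'],
  ttc: ['detectedAt', 'containedAt'],
  ttr: ['detectedAt', 'recoveredAt'],
};

const PHASE_ORDER = ['occurredAt', 'detectedAt', 'containedAt', 'recoveredAt'];

// Constructed sample timestamps chosen to yield 0.5h / 2.2h / 30.25h as on the page.
const SAMPLE_PHASES = {
  occurredAt: '2024-02-26T08:00:00Z',
  detectedAt: '2024-02-26T08:30:00Z',
  containedAt: '2024-02-26T10:42:00Z',
  recoveredAt: '2024-02-27T14:45:00Z',
};

// Parse every phase timestamp and reject missing, malformed or out-of-order values,
// so a data-entry error cannot silently produce a flattering metric.
function parsePhases(phases) {
  const parsed = {};
  let previous = -Infinity;
  for (const name of PHASE_ORDER) {
    const ms = Date.parse(phases[name]);
    if (Number.isNaN(ms)) throw new Error(`missing or invalid timestamp: ${name}`);
    if (ms < previous) throw new Error(`timestamp out of order: ${name}`);
    parsed[name] = ms;
    previous = ms;
  }
  return parsed;
}

// Return { hours, withinTarget, cssClass } for each metric.
function computePirMetrics(phases) {
  const t = parsePhases(phases);
  const metrics = {};
  for (const [key, [from, to]] of Object.entries(INTERVALS)) {
    const elapsedMs = t[to] - t[from];
    const limitMs = TARGETS[key].limitHours * HOUR_MS;
    // Compare unrounded durations so a value just over the limit never rounds into compliance.
    const withinTarget = TARGETS[key].inclusive ? elapsedMs <= limitMs : elapsedMs < limitMs;
    metrics[key] = {
      hours: Math.round((elapsedMs / HOUR_MS) * 100) / 100, // rounded for display only
      withinTarget,
      cssClass: withinTarget ? 'success' : 'warning', // class names used by .metric-value
    };
  }
  return metrics;
}

console.log(computePirMetrics(SAMPLE_PHASES));
```

With the sample data the containment metric comes out as `warning`, matching the "Containment" row of the effectiveness table rather than a hard-coded class.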