counteractive · JMCumbrera · May 10, 2022 · May 10, 2022 · May 10, 2022 · May 10, 2022
diff --git a/IS-4.01-G3.md b/IS-4.01-G3.md
diff --git a/IS-4.02-SGM.md b/IS-4.02-SGM.md
diff --git a/IS-4.2-JCL.md b/IS-4.2-JCL.md
diff --git a/IS-P02-CRO.md b/IS-P02-CRO.md
diff --git a/README.md b/README.md
diff --git a/about.md b/about.md
@@ -1,36 +1,40 @@
-# About
-
-This template was developed by the team at [Counteractive Security](https://www.counteractive.net), to help all organizations get a good start on a concise, directive, specific, flexible, and free incident response plan.  Build a [plan you will actually use](https://www.counteractive.net/posts/an-ir-plan-you-will-use/) to respond effectively, minimize cost and impact, and get back to business as soon as possible.
-
-## License
-
-This template is provided under the Apache License, version 2.0.  You can view the source code for this plan at https://github.com/counteractive.
-
-## Instructions
-
-Customize this plan template for your own organization.  Instructions are available in the project's [README](https://github.com/counteractive).  For professional assistance with incident response, or with customizing, implementing, or testing your plan, please contact us by [email](mailto:support@counteractive.net) or [phone](tel:+18889255765).
-
-## References and Additional Reading
-
-* [NIST Computer Security Incident Handling Guide](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf) (NIST)
-* [CERT Societe Generale Incident Response Methodologies](https://github.com/certsocietegenerale/IRM/tree/master/EN)
-* [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
-* [Incident Handler's Handbook](https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901) (SANS)
-* [Responding to IT Security Incidents](https://technet.microsoft.com/en-us/library/cc700825.aspx) (Microsoft)
-* [Defining Incident Management Processes for CSIRTs: A Work in Progress](http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=7153) (CMU)
-* [Creating and Managing Computer Security Incident Handling Teams (CSIRTS)](https://www.first.org/conference/2008/papers/killcrece-georgia-slides.pdf) (CERT)
-* [Incident Management for Operations](http://shop.oreilly.com/product/0636920036159.do) (Rob Schnepp, Ron Vidal, Chris Hawley)
-* [_Incident Response & Computer Forensics, Third Edition_](http://a.co/cUkFzMh) (Jason Luttgens. Matthew Pepe. Kevin Mandia)
-* [_Incident Response_](http://shop.oreilly.com/product/9780596001308.do) (Kenneth R. van Wyk, Richard Forno)
-* [The Checklist Manifesto](http://atulgawande.com/book/the-checklist-manifesto/) (Atul Gawande)
-* [The Field Guide to Understanding Human Error](https://www.amazon.com/Field-Guide-Understanding-Human-Error/dp/0754648265) (Sidney Dekker)
-* [Normal Accidents: Living with High-Risk Technologies](https://www.amazon.com/Normal-Accidents-Living-High-Risk-Technologies/dp/0691004129) (Charles Perrow)
-* [Site Reliability Engineering](https://landing.google.com/sre/book.html) (Google)
-* [Debriefing Facilitation Guide](http://extfiles.etsy.com/DebriefingFacilitationGuide.pdf) (Etsy)
-* [Every Minute Counts: Leading Heroku's Incident Response](https://www.heavybit.com/library/video/every-minute-counts-coordinating-herokus-incident-response/) (Blake Gentry)
-* [Three Analytical Traps in Accident Investigation](https://www.youtube.com/watch?v=TqaFT-0cY7U) (Dr. Johan Bergström)
-* [US National Incident Management System (NIMS)](https://www.fema.gov/national-incident-management-system) (FEMA)
-* [Informed's NIMS Incident Command System Field Guide](https://www.amazon.com/gp/product/1284038408) (Michael J. Ward)
-* [Advanced PostMortem Fu and Human Error 101 (Velocity 2011)](http://www.slideshare.net/jallspaw/advanced-postmortem-fu-and-human-error-101-velocity-2011)
-* [Blame. Language. Sharing.](http://fractio.nl/2015/10/30/blame-language-sharing/)
-
+
+# Acerca de
+
+Esta plantilla ha sido creada por el equipo de [Counteractive Security](https://www.counteractive.net), para ayudar a todas las organizaciones a comenzar de forma concisa, directa, especifica, flexible y gratuita un plan de respuesta de incidentes. crea un plan [que utilizaras](https://www.counteractive.net/posts/an-ir-plan-you-will-use/) para responder de manera eficiente, minimizando los costes e impactos, para volver a trabajar lo mas rapido posible.
+
+
+## Licencia
+
+Esta plantilla esta proporcionado bajo la licencia de apache, version 2.0. puedes ver el codigo fuente en https://github.com/counteractive.
+
+
+## Instrucciones
+
+Personaliza esta plantilla para tu organizacion. Las instrucciones estan disponibles en el [README](https://github.com/counteractive) del projecto. Para asistencia profesional con respuestas de incidentes, o con customizacion, implementacion, o testeo de tu plan, porfavor contacta con nosotros por [email](mailto:support@counteractive.net) o [telefono](tel:+18889255765).
+
+
+## Referencias y material adicional
+
+* [NIST Computer Security Incident Handling Guide](http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-61r2.pdf) (NIST)
+* [CERT Societe Generale Incident Response Methodologies](https://github.com/certsocietegenerale/IRM/tree/master/EN)
+* [NIST Cybersecurity Framework](https://www.nist.gov/cyberframework)
+* [Incident Handler's Handbook](https://www.sans.org/reading-room/whitepapers/incident/incident-handlers-handbook-33901) (SANS)
+* [Responding to IT Security Incidents](https://technet.microsoft.com/en-us/library/cc700825.aspx) (Microsoft)
+* [Defining Incident Management Processes for CSIRTs: A Work in Progress](http://resources.sei.cmu.edu/library/asset-view.cfm?assetid=7153) (CMU)
+* [Creating and Managing Computer Security Incident Handling Teams (CSIRTS)](https://www.first.org/conference/2008/papers/killcrece-georgia-slides.pdf) (CERT)
+* [Incident Management for Operations](http://shop.oreilly.com/product/0636920036159.do) (Rob Schnepp, Ron Vidal, Chris Hawley)
+* [_Incident Response & Computer Forensics, Third Edition_](http://a.co/cUkFzMh) (Jason Luttgens. Matthew Pepe. Kevin Mandia)
+* [_Incident Response_](http://shop.oreilly.com/product/9780596001308.do) (Kenneth R. van Wyk, Richard Forno)
+* [The Checklist Manifesto](http://atulgawande.com/book/the-checklist-manifesto/) (Atul Gawande)
+* [The Field Guide to Understanding Human Error](https://www.amazon.com/Field-Guide-Understanding-Human-Error/dp/0754648265) (Sidney Dekker)
+* [Normal Accidents: Living with High-Risk Technologies](https://www.amazon.com/Normal-Accidents-Living-High-Risk-Technologies/dp/0691004129) (Charles Perrow)
+* [Site Reliability Engineering](https://landing.google.com/sre/book.html) (Google)
+* [Debriefing Facilitation Guide](http://extfiles.etsy.com/DebriefingFacilitationGuide.pdf) (Etsy)
+* [Every Minute Counts: Leading Heroku's Incident Response](https://www.heavybit.com/library/video/every-minute-counts-coordinating-herokus-incident-response/) (Blake Gentry)
+* [Three Analytical Traps in Accident Investigation](https://www.youtube.com/watch?v=TqaFT-0cY7U) (Dr. Johan Bergström)
+* [US National Incident Management System (NIMS)](https://www.fema.gov/national-incident-management-system) (FEMA)
+* [Informed's NIMS Incident Command System Field Guide](https://www.amazon.com/gp/product/1284038408) (Michael J. Ward)
+* [Advanced PostMortem Fu and Human Error 101 (Velocity 2011)](http://www.slideshare.net/jallspaw/advanced-postmortem-fu-and-human-error-101-velocity-2011)
+* [Blame. Language. Sharing.](http://fractio.nl/2015/10/30/blame-language-sharing/)
+
diff --git a/after.md b/after.md
@@ -1,37 +1,36 @@
-# Conduct an After Action Review (AAR)
-
-1. Schedule an After Action Review (AAR) meeting within {{AAR_SLA}} and invite the attendees listed at {{AAR_ATTENDEES}}.  Always include the following:
-    * The incident commander.
-    * Service owners involved in the incident.
-    * Key engineer(s)/responders involved in the incident.
-1. Designate an AAR owner who will investigate the incident in advance of the meeting to prepare, looking into the incident process itself including reviewing notes and reports.
-
-## Conduct the AAR Meeting
-
-Document answers to the following key questions:
-
-1. **What happened?** Create a timeline, supported with data or other artifacts. **Avoid blame. Find facts.**
-1. **What was supposed to happen?**
-    * Detail deviations from process, procedure, or best practice, including SME assessments.
-    * Identify ways the incident could have been detected sooner, or responded to more effectively
-1. **What were the root causes?** Find root cause to things that happened and to things that should have happened.
-1. **How can we improve?** Capture action items _with assignees and due dates_.  Consider:
-    * Stop: what should we stop doing?
-    * Start: what should we start doing?
-    * Continue: what should we keep doing?
-
-## Communicate AAR Status and Results
-
-The AAR owner, in coordination with the Internal Liaison, will  communicate the status of the AAR (see below)
-
-### Status Descriptions
-
-| Status | Description |
-|-|-|
-| **Draft** | AAR investigation is still ongoing |
-| **In Review** | AAR investigation has been completed, and is ready to be reviewed during the AAR meeting. |
-| **Reviewed** | AAR meeting is over and the content has been reviewed and agreed upon.<br>If there are additional "External Messages", the communications team will take action to prepare. |
-| **Closed** | No further actions are needed on the AAR (outstanding issues are tracked in tickets).<br>If no "External Messages", skip straight to this once the meeting is over.<br>If there are additional "External Messages", communications team will update AAR Closed once sent. |
-
-Communicate the results of the AAR internally and finalize the AAR documentation.
-
+# Realizar una revisión posterior a la acción (Conduct an After Action Review, AAR)
+
+1. Programe una reunión de revisión posterior a la acción (AAR) dentro de {{AAR_SLA}} e invite a los asistentes que figuran en {{AAR_ATTENDEES}}. Incluya siempre a los siguientes:
+    * El Incident Commander.
+    * Los propietarios de los servicios implicados en el incidente.
+    * Ingeniero(s)/responsable(s) clave(s) implicado(s) en el incidente.
+1. Designe a un propietario del AAR que investigue el incidente antes de la reunión para prepararlo, estudiando el proceso del incidente en sí, incluyendo la revisión de notas e informes.
+
+## Realización de la reunión AAR
+
+Documente las respuestas a las siguientes preguntas clave:
+
+1. **¿Qué ocurrió?** Cree una línea de tiempo, apoyada con datos u otros artefactos. **Evitar las culpas. Busca los hechos.**
+1. **¿Qué se suponía que iba a ocurrir?**
+    * Detallar las desviaciones del proceso, el procedimiento o las mejores prácticas, incluidas las evaluaciones de los SME.
+    * Identifique las formas en que el incidente podría haberse detectado antes o haberse respondido con mayor eficacia.
+1. **¿Cuáles fueron las causas fundamentales?** Encuentre la raíz de lo que ocurrió y de lo que debería haber ocurrido.
+1. **¿Cómo podemos mejorar?**  Capture los elementos de acción con asignados y fechas de vencimiento. Considerar:
+    * Detener: ¿Qué debemos dejar de hacer?
+    * Empezar: ¿Qué deberíamos empezar a hacer?
+    * Continuar: ¿Qué debemos seguir haciendo?
+
+## Comunicar el estado y los resultados del AAR
+
+El propietario del informe, en coordinación con el enlace interno, comunicará el estado del informe (véase más abajo).
+
+### Descripciones de estado
+
+| Estado          | Descripción                                                                                                                                                                                                                                                                                                              |
+|-----------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Borrador**    | La investigación de la AAR sigue en curso                                                                                                                                                                                                                                                                                |
+| **En revisión** | La investigación AAR se ha completado, y está lista para ser revisada durante la reunión AAR.                                                                                                                                                                                                                            |
+| **Revisado**    | La reunión de AAR ha terminado y el contenido ha sido revisado y acordado. <br/>Si hay "Mensajes externos" adicionales, el equipo de comunicación tomará medidas para prepararlos.                                                                                                                                            |
+| **Cerrado**     | No es necesario realizar más acciones en el AAR (los problemas pendientes se rastrean en los tickets).<br>Si no hay "Mensajes Externos", pase directamente a esto una vez que la reunión haya terminado.<br/>Si hay "Mensajes Externos" adicionales, el equipo de comunicaciones actualizará el AAR Cerrado una vez enviado. |
+
+Comunicar internamente los resultados del AAR y finalizar la documentación del AAR.
diff --git a/documentosEmpresa/IS-1.a.02-G3.docx-1.pdf b/documentosEmpresa/IS-1.a.02-G3.docx-1.pdf
diff --git a/documentosEmpresa/plan_director_de_seguridad_clasificacion_y_priorizacion.xlsx b/documentosEmpresa/plan_director_de_seguridad_clasificacion_y_priorizacion.xlsx
diff --git a/documentosEmpresa/plan_director_de_seguridad_hoja_para_el_analisis_de_riesgos.xlsm b/documentosEmpresa/plan_director_de_seguridad_hoja_para_el_analisis_de_riesgos.xlsm
diff --git a/documentosEmpresa/plan_director_de_seguridad_inventario_activos.xlsx b/documentosEmpresa/plan_director_de_seguridad_inventario_activos.xlsx