Security Control 18: Incident Response Capability

Protect the organization’s reputation, as well as its information: Develop an incident response plan with clearly delineated roles and responsibilities for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.

Key: REQ = Required, REC = Recommended, OPT = Optional

| ID | Details | High | Med | Low |
|---|---|---|---|---|
| 18.1 | Ensure there are written incident response procedures that include a definition of personnel roles for handling incidents. | REQ | REQ | REQ |
| 18.2 | Assign job titles and duties for handling computer and network incidents to specific individuals. | REQ | REQ | REQ |
| 18.3 | Define management personnel who will support the incident handling process by acting in key decision-making roles. | REQ | REQ | REQ |
| 18.4 | Devise standards for the time required for system administrators and other personnel to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification. | REQ | REQ | REQ |
| 18.5 | Publish information for all personnel, including employees and contractors, regarding reporting computer anomalies and incidents to the incident handling team. Such information should be included in routine employee awareness activities. | REQ | REQ | REQ |
| 18.6 | Conduct periodic incident scenario sessions for personnel associated with the incident handling team to ensure that they understand current threats and risks, as well as their responsibilities in supporting the incident handling team. | REQ | REQ | REQ |

Additional Reading