17
Incident Response Management
Establish a program to develop and maintain an incident response capability (e.g., policies, plans, procedures, defined roles, training, and communications) to prepare, detect, and quickly respond to an attack.
Why Is This Control Critical?
Cyber incidents are now just part of our way of life. Even large, well-funded, and technically sophisticated enterprises struggle to keep up with the frequency and complexity of attacks. The question of a successful cyber attack against an enterprise is not 'if' but 'when.' When an incident occurs, if an enterprise does not already have a well-planned incident response capability, victims tend to make a series of mistakes that can delay remediation or exacerbate the damages from the attack.
Safeguards (9)
| ID | Title | Asset Type | Function | Implementation Groups |
|---|---|---|---|---|
| 17.1 | Designate Personnel to Manage Incident Handling | N/A | Respond | IG1, IG2, IG3 |
| 17.2 | Establish and Maintain Contact Information for Reporting Security Incidents | N/A | Respond | IG1, IG2, IG3 |
| 17.3 | Establish and Maintain an Enterprise Process for Reporting Incidents | N/A | Respond | IG1, IG2, IG3 |
| 17.4 | Establish and Maintain an Incident Response Process | N/A | Respond | IG2, IG3 |
| 17.5 | Assign Key Roles and Responsibilities | N/A | Respond | IG2, IG3 |
| 17.6 | Define Mechanisms for Communicating During Incident Response | N/A | Respond | IG2, IG3 |
| 17.7 | Conduct Routine Incident Response Exercises | N/A | Recover | IG2, IG3 |
| 17.8 | Conduct Post-Incident Reviews | N/A | Recover | IG2, IG3 |
| 17.9 | Establish and Maintain Security Incident Thresholds | N/A | Recover | IG3 |