ITM Tech Cybersecurity Essentials Booklet - Flipbook - Page 36
CONTROL 17
17 - Incident Response Management

Safeguards Total: 9
IG1: 3/9
IG2: 8/9
IG3: 9/9

Establish a program to develop and maintain an incident response
capability (e.g., policies, plans, procedures, defined roles, training, and
communications) to prepare, detect, and quickly respond to an attack.

Why Is This CIS Control Critical?

A comprehensive cybersecurity program includes protections, detections,
response, and recovery capabilities. Often, the final two get overlooked in
immature enterprises, or the response technique to compromised systems is
just to re-image them to original state, and move on. The primary goal of
incident response is to identify threats on the enterprise, respond to them
before they can spread, and remediate them before they can cause harm.
Without understanding the full scope of an incident, how it happened, and
what can be done to prevent it from happening again, defenders will just be
in a perpetual “whack-a-mole” pattern.

We cannot expect our protections to be effective 100% of the time. When an
incident occurs, if an enterprise does not have a documented plan—even with
good people—it is almost impossible to know the right investigative
procedures, reporting, data collection, management responsibility, legal
protocols, and communications strategy that will allow the enterprise to
successfully understand, manage, and recover.

THE SAFEGUARDS

Safeguard                                                  Asset Type  Security Function  IG1  IG2  IG3
17.1 Designate Personnel to Manage Incident Handling       N/A         Respond            X    X    X
17.2 Establish and Maintain Contact Information for        N/A         Respond            X    X    X
     Reporting Security Incidents
17.3 Establish and Maintain an Enterprise Process for      N/A         Respond            X    X    X
     Reporting Incidents
17.4 Establish and Maintain an Incident Response Process   N/A         Respond                 X    X
17.5 Assign Key Roles and Responsibilities                 N/A         Respond                 X    X
17.6 Define Mechanisms for Communicating During            N/A         Respond                 X    X
     Incident Response
17.7 Conduct Routine Incident Response Exercises           N/A         Recover                 X    X
17.8 Conduct Post-Incident Reviews                         N/A         Recover                 X    X
17.9 Establish and Maintain Security Incident Thresholds   N/A         Recover                      X

X = the safeguard applies to that Implementation Group (IG1 = 3 of 9,
IG2 = 8 of 9, IG3 = 9 of 9). Asset Type is N/A for every safeguard in this
Control because they are process safeguards rather than device, data,
application or user safeguards.

Did You Know?

65% of small businesses have failed to act following a cyber security
incident. 23% of small businesses have a leadership role dedicated to Cyber,
whereas 46% have no defined role at all. We have a Security Incident Response
process in place to assist you if ever needed.