Include incident response escalation procedures in the internal control framework.


CONTROL ID
11745
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS

This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an internal control framework., CC ID: 00820

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH

  • the identification of measures relating to preparedness, response and recovery, including cooperation between the public and private sectors; (Art. 7.1(c), Directive (EU) 2016/1148 OF The European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union)
  • Reports of unscheduled deviations from standard operations (disruptions) and their causes shall, in a suitable way, be recorded, evaluated, prioritised with particular regard to potentially resulting risks, and escalated according to defined criteria. The processing, analysis of causes, and identifi… (II.7.50, Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions, 14.09.2018)
  • Your organisation has established roles and responsibilities for the security of networks and information systems at all levels, with clear and well-understood channels for communicating and escalating risks. (A1.b ¶ 1, NCSC CAF guidance, 3.1)
  • Verify that responsibility for creating and distributing security incident response and escalation procedures is formally assigned. (§ 12.5.3, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire B and Attestation of Compliance Imprint Machines or Stand-alone Dial-out Terminals Only, no Electronic Cardholder Data Storage, Version 2.0)
  • The organization must ensure that security incident response and escalation procedures have been developed, documented, and distributed to the appropriate personnel. (§ 12.5.3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Verify that responsibility for creating and distributing security incident response and escalation procedures is formally assigned. (§ 12.5.3 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Does the plan address the following, at a minimum: - Roles, responsibilities, and communication and contact strategies in the event of a compromise including notification of the payment brands, at a minimum? - Specific incident response procedures? - Business recovery and continuity procedures? - Da… (12.10.1 (b), Payment Card Industry (PCI) Data Security Standard, Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.1)
  • Is the information security management responsibilities for establishing, documenting, and distributing security incident response and escalation procedures to ensure timely and effective handling of all situations formally assigned to an individual or a team? (PCI DSS Question 12.5.3, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
  • escalated if needed; (§ 8.7.3.3 ¶ 1(c), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Principle: Firms should establish policies and procedures, as well as roles and responsibilities for escalating and responding to cybersecurity incidents. Effective practices for incident response include: - preparation of incident responses for those types of incidents to which the firm is most lik… (Incident Response Planning, Report on Cybersecurity Practices)
  • Approves a policy to escalate and report significant security incidents to the board, steering committee, government agencies, and law enforcement, as appropriate. (App A Objective 2:2 f., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Appropriate escalation procedures in place depending on the content of the reporting. (App A Objective 13:7 d., FFIEC Information Technology Examination Handbook - Management, November 2015)
  • Respond to issues flagged during continuous monitoring, escalate and coordinate a response. (T1006, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)