Back

Include incident response team services in the Incident Response program.


CONTROL ID
11766
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

This Control has the following implementation support Control(s):
  • Include the incident response training program in the Incident Response program., CC ID: 06750


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • Depending on an incident's seriousness, Information Technology Service Continuity (ITSC) should be managed by the business continuity management team and the incident management team. An incident management team should be established for each IT service that is coordinated by a dedicated IT service … (§ 5.5.1 ¶ 4, § 8.4.2 ¶ 1(a), PAS 77 IT Service Continuity Management. Code of Practice, 2006)
  • The crisis management process should be supported by a predetermined high-level team (e.g., a Crisis Management Team), which includes a member of the organization's governing body (e.g., members of the board or equivalent). (CF.20.04.02a, The Standard of Good Practice for Information Security, 2013)
  • defined roles and responsibilities for people and teams having authority during and following an incident, (§ 8.4.4 ¶ 2 a), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • The incident response plan must identify the responsible Computer Network Defense Service Provider. (VIIR-2, DoD Instruction 8500.2 Information Assurance (IA) Implementation)
  • The Incident Command System consists of five functions: command, planning, logistics, operations, and finance and administration. (Chap II.A.3, National Incident Management System (NIMS), Department of Homeland Security, December 2008)
  • Enable the use of response teams and responses depending on the type of event. (App A Objective 8.5.d, FFIEC Information Technology Examination Handbook - Information Security, September 2016)