Back

Include business recovery procedures in the Incident Response program.


CONTROL ID
11774
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • the process for overseeing the recovery and restoration efforts of the affected facilities and the business services. (4.2.2 Bullet 7, Hong Kong Monetary Authority Supervisory Policy Manual TM-G-2 Business Continuity Planning, V.1 - 02.12.02)
  • Verify the incident response plan includes procedures for business recovery and Business Continuity. (§ 12.9.1.a Bullet 3, Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance All other Merchants and all SAQ-Eligible Service Providers, Version 2.0)
  • Verify the incident response plan includes business recovery and continuity procedures. (Testing Procedures § 12.10.1.a Bullet 3, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures - Testing Procedures, 3)
  • Verify the incident response plan includes procedures for business recovery and continuity. (§ 12.9.1.a Bullet 3 Testing Procedures, Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, 2.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Payment Card Industry Data Security Standard Requirements and Testing Procedures, Defined Approach Requirements, Version 4.0)
  • Does the incident response plan address the business recovery and continuity procedures? (PCI DSS Question 12.10.1(b) Bullet 3, PCI DSS Self-Assessment Questionnaire A-EP and Attestation of Compliance, Version 3.0)
  • Does the incident response plan address the business recovery and continuity procedures? (PCI DSS Question 12.10.1(b) Bullet 3, PCI DSS Self-Assessment Questionnaire C and Attestation of Compliance, Version 3.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire A and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire A-EP and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire C and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire D for Merchants and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Business recovery and continuity procedures. (12.10.1 Bullet 3, Self-Assessment Questionnaire D for Service Providers and Attestation of Compliance for use with PCI DSS Version 4.0)
  • Once a nonconformity is identified, it should be investigated to determine the cause(s), so that corrective action can be focused on the appropriate part of the environmental management system. In developing a plan for addressing a nonconformity, the organization should consider what actions it shou… (10.2 ¶ 5, ISO 14004:2016, Environmental management systems — General guidelines on implementation, Third Edition)
  • The cloud service provider should provide the specifications of its backup capabilities to the cloud service customer. The specifications should include the following information, as appropriate: – scope and schedule of backups; – backup methods and data formats, including encryption, if relevan… (§ 12.3.1 Table: Cloud service provider, ISO/IEC 27017:2015, Information technology — Security techniques — Code of practice for information security controls based on ISO/IEC 27002 for cloud services, First edition 2015-12-15)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (IR.2.092, Cybersecurity Maturity Model Certification, Version 1.0, Level 2)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (IR.2.092, Cybersecurity Maturity Model Certification, Version 1.0, Level 3)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (IR.2.092, Cybersecurity Maturity Model Certification, Version 1.0, Level 4)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (IR.2.092, Cybersecurity Maturity Model Certification, Version 1.0, Level 5)
  • Incident response programs that include all affected lines of business and support units. (App A Objective 3.2.b, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Establish an operational incident-handling capability for organizational information systems that includes adequate preparation, detection, analysis, containment, recovery, and user response activities. (3.6.1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (3.6.1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 1)
  • Establish an operational incident-handling capability for organizational systems that includes preparation, detection, analysis, containment, recovery, and user response activities. (3.6.1, Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations, NIST Special Publication 800-171, Revision 2)
  • The recovery portion of the incident response plan is executed once initiated from the incident response process (RC.RP-01, The NIST Cybersecurity Framework, v2.0)
  • assist the impacted State agency in any necessary recovery efforts to ensure effective return to a state of normal operations. (§ 12 (g) ¶ 1 (v), Illinois Compiled Statutes Chapter 815 Article 530 Sections 530/5 thru 530/25, Notice of Breach)
  • recover from Cybersecurity Events and restore normal operations and services; and (§ 500.02 Cybersecurity Program (b)(5), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies)
  • recover from cybersecurity events and restore normal operations and services; and (§ 500.2 Cybersecurity Program (b)(5), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)
  • As part of the licensee's information security program, a licensee shall establish a written incident response plan designed to promptly respond to, and recover from, any cybersecurity event that compromises the confidentiality, integrity, or availability of nonpublic information in the licensee's p… (26.1-02.2-03. 8., North Dakota Century Code, Title 26.1, Chapter 26.1‑02.2, Sections 1-11, Insurance Data Security)