
Disseminate and communicate the final incident report, which includes the investigation results and any remediation activity results.


CONTROL ID: 12306
CONTROL TYPE: Actionable Reports or Measurements
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program. (CC ID: 00579)

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • The FI should include in its incident report an executive summary of the incident, an analysis of root cause which triggered the event, its impact as well as measures taken to address the root cause and consequences of the event. (§ 7.3.11, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • When required or appropriate, disclose resolution of investigations to relevant stakeholders. (OCEG GRC Capability Model, v. 3.0, P8.6 Determine Disclosures, OCEG GRC Capability Model, v 3.0)
  • Resolve each issue and document the outcome. (OCEG GRC Capability Model, v. 3.0, P8.3 Follow Resolution Processes, OCEG GRC Capability Model, v 3.0)
  • These evaluations shall be undertaken through periodic reviews, exercising, testing, post-incident reporting and performance evaluations. Significant changes arising shall be reflected in the procedure(s) in a timely manner; (§ 9.1.2 b), ISO 22301: Societal Security - Business Continuity Management Systems - Requirements, Corrected Version)
  • incidents or crises, where transparency is often key to preserve and increase trust and confidence in the organization's capability to manage its information security and deal with unexpected situations; (§ 7.4 Guidance ¶ 2(d), ISO/IEC 27003:2017, Information technology — Security techniques — Information security management systems — Guidance, Second Edition, 2017-03)
  • Respond to security violations by notifying the proper authorities, reporting needed evidence of the violation and taking timely corrective action when incidents are discovered. (10.1 ¶ 1, Security for Industrial Automation and Control Systems, Part 4-2: Technical Security Requirements for IACS components)
  • Reading internal audit reports, third-party assessments, audit committee presentations, and other documentation related to the service organization's monitoring activities, system incidents, or investigative activities (¶ 3.59 Bullet 10, Reporting on Controls at a Service Organization: Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC2), current as of January 1, 2018)
  • If an SCI event is resolved and the SCI entity's investigation of the SCI event is closed within 30 calendar days of the occurrence of the SCI event, then within five business days after the resolution of the SCI event and closure of the investigation regarding the SCI event, submit a final written … (§242.1002(b)(4)(i)(A), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • Within five business days after the resolution of such SCI event and closure of the investigation regarding such SCI event, submit a final written notification pertaining to such SCI event to the Commission containing the information required in paragraph (b)(4)(ii) of this section. (§242.1002(b)(4)(i)(B)(2), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • DoD CSP's (e.g., milCloud's) Cyberspace Defense providers will report all incidents using the Joint Incident Management System (JIMS) IAW normal DoD processes. (Section 6.5.3 ¶ 1, Department of Defense Cloud Computing Security Requirements Guide, Version 1, Release 3)
  • Determine whether the institution has risk monitoring and reporting processes that address changing threat conditions in both the institution and the greater financial industry. Determine whether these processes address information security events faced by the institution, the effectiveness of manag… (App A Objective 7.1, FFIEC Information Technology Examination Handbook - Information Security, September 2016)
  • Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies. (T0546, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Provide technical documents, incident reports, findings from computer examinations, summaries, and other situational awareness information to higher headquarters. (T0213, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Write and publish cyber defense recommendations, reports, and white papers on incident findings to appropriate constituencies. (T0546, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)