Back

Include when the incident occurred in the incident response report.


CONTROL ID
12709
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Create an incident response report following an incident response., CC ID: 12700

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A business operator of clustered information and communications facilities shall, when it suspends its services in accordance with paragraph (1), immediately notify users of facilities of the suspension of services, specifically stating the reasons for the suspension, the date, time, period, and det… (Article 46-2(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • Point of time the personal information is leaked; (Article 27-3(1)(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • When did it happen? (§ 7.3.12.a.i., Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • the date the cyber security incident occurred (Security Control: 0125; Revision: 4; Bullet 1, Australian Government Information Security Manual, March 2021)
  • The date of the cybersecurity incident, estimated date of the cybersecurity incident, or the date range within which the cybersecurity incident occurred. (§ 11-49.3-7. (c)(2), Rhode Island General Laws Title 11 Chapter 49.3, Sections 4 thru 7, Notification of Breach)