Back

Include the reasons the incident occurred in the incident response report.


CONTROL ID
12711
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS



This Control directly supports the implied Control(s):
  • Create an incident response report following an incident response., CC ID: 12700

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH



  • A business operator of clustered information and communications facilities shall, when it suspends its services in accordance with paragraph (1), immediately notify users of facilities of the suspension of services, specifically stating the reasons for the suspension, the date, time, period, and det… (Article 46-2(2), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • Why and how did the incident happen? (§ 7.3.12.a.iii., Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • determining the cause(s) of the incident or nonconformity; (§ 10.2 ¶ 2 b) 2), ISO 45001:2018, Occupational health and safety management systems — Requirements with guidance for use, First Edition)
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. (T0163, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Perform cyber defense incident triage, to include determining scope, urgency, and potential impact, identifying the specific vulnerability, and making recommendations that enable expeditious remediation. (T0163, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework)”, July 7, 2020)
  • The cause of the breach, including the relationship between the person or entity that experienced the breach and the person responsible for the breach, if known; (§ 28?3852. (b-1)(6), Code of the District of Columbia Title 28 Chapter 38 Subchapter II, Consumer Security Breach Notification)