Include measures to prevent similar incidents from occurring in the incident response report.


CONTROL ID
12720
CONTROL TYPE
Establish/Maintain Documentation
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Create an incident response report following an incident response., CC ID: 12700

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Conducting post-mortem analysis and reviews to identify causes of information security incidents, developing corrective actions and reassessing risk, and adjusting controls suitably to reduce the related risks in the future (Critical components of information security 10) (ii) i., Guidelines on Information Security, Electronic Banking, Technology Risk Management and Cyber Frauds)
  • Measures to prevent similar or related incidents from occurring. (§ 7.3.12.c.iii., Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • A trend analysis of past incidents should be performed by the FI to identify commonalities and patterns in the incidents, and verify if the root causes to the problems had been properly identified and resolved. The FI should also use the analysis to determine if further corrective or preventive meas… (§ 7.8.3, Technology Risk Management Guidelines, January 2021)
  • Measures to prevent further occurrence of similar information security events are defined and implemented. (1.6.1 Requirements (should) Bullet 2, Information Security Assessment, Version 5.1)
  • The organization shall analyse data and trends on incidents to identify problems. The organization shall undertake root cause analysis and determine potential actions to prevent the occurrence or recurrence of incidents. (§ 8.6.3 ¶ 1, ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • When an unauthorized use or disclosure of personal information has occurred, the affected information is identified and actions are taken to help prevent future recurrence and address control failures to support the achievement of entity objectives. (CC7.3 ¶ 5 Bullet 2 Determines Personal Information Used or Disclosed, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • When an unauthorized use or disclosure of confidential information has occurred, the affected information is identified and actions are taken to help prevent future recurrence and address control failures to support the achievement of entity objectives. (CC7.3 ¶ 4 Bullet 2 Determines Confidential Information Used or Disclosed, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • A government agency shall submit a written report to the legislature within twenty days after discovery of a security breach at the government agency that details information relating to the nature of the breach, the number of individuals affected by the breach, a copy of the notice of security brea… (§ 487N-4 ¶ 1, Hawaii Revised Statutes Volume 11 Chapter 487N, Security Breach of Personal Information)