Back

Include the reimbursement of customers for financial losses due to incidents in the Incident Response program.


CONTROL ID
12756
CONTROL TYPE
Business Processes
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • Principle: Firms should establish policies and procedures, as well as roles and responsibilities for escalating and responding to cybersecurity incidents. Effective practices for incident response include: - preparation of incident responses for those types of incidents to which the firm is most lik… (Incident Response Planning, Report on Cybersecurity Practices)