Mitigate reported incidents.


CONTROL ID: 12973
CONTROL TYPE: Actionable Reports or Measurements
CLASSIFICATION: Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should have in place a problem management system to respond promptly to IT operational incidents, to escalate reported incidents to relevant IT management staff and to record, analyse and keep track of all these incidents until rectification of the incidents. A helpdesk function can be set up to… (5.1.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • A person who operates an information and communications network, including a provider of information and communications services, shall analyze causes of intrusion and keep damage from intrusion at bay, whenever an intrusion occurs. (Article 48-4(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • The FI should establish clear roles and responsibilities of staff involved in the problem management process. The FI should identify, classify, prioritise and address all problems in a timely manner. (§ 7.4.2, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • A prerequisite for secure IT operations is a company that functions well. Sufficient resources must therefore be made available for operations. Typical problems encountered during IT operations (scarce resources, overburdened administrators, or an unstructured and poorly maintained IT environment) m… (§ 5 ¶ 4, BSI Standard 200-1, Information Security Management Systems (ISMS), Version 1.0)
  • Safeguards must be implemented that allow information processing errors (which may compromise confidentiality, availability, or integrity), mistakes that are critical to security, and security incidents to be avoided as far as possible, to be limited in their impact, or at least noticed prematurely.… (§ 8.3 Subsection 2 ¶ 1, BSI Standard 200-1, Information Security Management Systems (ISMS), Version 1.0)
  • There are well-defined and tested incident management processes in place, that aim to ensure continuity of essential functions in the event of system or service failure. Mitigation activities designed to contain or limit the impact of compromise are also in place. (D1. ¶ 1, NCSC CAF guidance, 3.1)
  • When an incident occurs, steps are taken to understand its root causes and to ensure appropriate remediating action is taken to protect against future incidents. (D2. ¶ 1, NCSC CAF guidance, 3.1)
  • When an incident occurs, steps must be taken to understand its root causes and ensure appropriate remediating action is taken. (D2.a ¶ 1, NCSC CAF guidance, 3.1)
  • Resolve each issue and document the outcome. (OCEG GRC Capability Model, v. 3.0, P8.3 Follow Resolution Processes, OCEG GRC Capability Model, v 3.0)
  • Design and, when necessary execute responses to identified or suspected undesirable conduct, conditions, events, or weaknesses in capabilities. (OCEG GRC Capability Model, v. 3.0, P8 Response, OCEG GRC Capability Model, v 3.0)
  • resolved if possible; (§ 8.6.3 ¶ 2(d), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • Procedures are in place to mitigate the effects of ongoing security incidents. (CC7.4 ¶ 3 Bullet 3 Mitigates Ongoing Security Incidents, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (with Revised Points of Focus – 2022))
  • The organization mitigates cybersecurity incidents in a timely manner. (RS.MI-2.1, CRI Profile, v1.2)
  • Incidents are mitigated. (RS.MI-2, CRI Profile, v1.2)
  • Newly identified vulnerabilities are mitigated or documented as accepted risks. (RS.MI-3, CRI Profile, v1.2)
  • The organization mitigates cybersecurity incidents in a timely manner. (RS.MI-2.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Corrective action. Upon any responsible SCI personnel having a reasonable basis to conclude that an SCI event has occurred, each SCI entity shall begin to take appropriate corrective action which shall include, at a minimum, mitigating potential harm to investors and market integrity resulting from … (§242.1002(a), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • mitigating risks associated with such incidents before substantial damage is done; (§ 3554(b)(7)(C)(i), Federal Information Security Modernization Act of 2014)
  • Implementation specification: Response and reporting (Required). Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and t… (§ 164.308(a)(6)(ii), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Incidents are mitigated (RS.MI-2, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Newly identified vulnerabilities are mitigated or documented as accepted risks (RS.MI-3, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Incidents are mitigated (RS.MI-2, Framework for Improving Critical Infrastructure Cybersecurity, v1.1 (Draft))
  • Newly identified vulnerabilities are mitigated or documented as accepted risks (RS.MI-3, Framework for Improving Critical Infrastructure Cybersecurity, v1.1 (Draft))
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0432, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Diagnose and resolve customer reported system incidents, problems, and events. (T0468, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Mitigate effects of a use or disclosure of personal information by employees or business partners (T0911, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0432, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Diagnose and resolve customer reported system incidents, problems, and events. (T0468, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Mitigate effects of a use or disclosure of personal information by employees or business partners (T0911, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0278, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Incidents are eradicated (RS.MI-02, The NIST Cybersecurity Framework, v2.0)
  • Activities are performed to prevent expansion of an event and mitigate its effects (Incident Mitigation (RS.MI), The NIST Cybersecurity Framework, v2.0)
  • identification of requirements for the remediation of any identified weaknesses in information systems and associated controls; (§ 500.16 Incident Response and Business Continuity Management (a)(1)(v), New York Codes, Rules and Regulations, Title 23, Chapter 1, Part 500 Cybersecurity Requirements for Financial Services Companies, Second Amendment)
  • measures to reverse or mitigate the effects of the incident. (Art. 48 § 2 II, Brazilian Law No. 13709, of August 14, 2018)