Mitigate reported incidents.


CONTROL ID
12973
CONTROL TYPE
Actionable Reports or Measurements
CLASSIFICATION
Preventive

SUPPORTING AND SUPPORTED CONTROLS




This Control directly supports the implied Control(s):
  • Establish, implement, and maintain an Incident Response program., CC ID: 00579

There are no implementation support Controls.


SELECTED AUTHORITY DOCUMENTS COMPLIED WITH




  • AIs should have in place a problem management system to respond promptly to IT operational incidents, to escalate reported incidents to relevant IT management staff and to record, analyse and keep track of all these incidents until rectification of the incidents. A helpdesk function can be set up to… (5.1.3, Hong Kong Monetary Authority: TM-G-1: General Principles for Technology Risk Management, V.1 – 24.06.03)
  • A person who operates an information and communications network, including a provider of information and communications services, shall analyze causes of intrusion and keep damage from intrusion at bay, whenever an intrusion occurs. (Article 48-4(1), Act On Promotion of Information and Communications Network Utilization and Information Protection, Amended by Act No. 14080, Mar. 22, 2016)
  • The FI should establish clear roles and responsibilities of staff involved in the problem management process. The FI should identify, classify, prioritise and address all problems in a timely manner. (§ 7.4.2, Monetary Authority of Singapore: Technology Risk Management Guidelines)
  • Resolve each issue and document the outcome. (OCEG GRC Capability Model, v. 3.0, P8.3 Follow Resolution Processes, OCEG GRC Capability Model, v 3.0)
  • Design and, when necessary execute responses to identified or suspected undesirable conduct, conditions, events, or weaknesses in capabilities. (OCEG GRC Capability Model, v. 3.0, P8 Response, OCEG GRC Capability Model, v 3.0)
  • resolved if possible; (§ 8.6.3 ¶ 2(d), ISO/IEC 20000-1:2018, Information technology — Service management — Part 1: Service management system requirements, Third Edition)
  • The organization mitigates cybersecurity incidents in a timely manner. (RS.MI-2.1, CRI Profile, v1.2)
  • Incidents are mitigated. (RS.MI-2, CRI Profile, v1.2)
  • Newly identified vulnerabilities are mitigated or documented as accepted risks. (RS.MI-3, CRI Profile, v1.2)
  • The organization mitigates cybersecurity incidents in a timely manner. (RS.MI-2.1, Financial Services Sector Cybersecurity Profile, Version 1.0.0)
  • Corrective action. Upon any responsible SCI personnel having a reasonable basis to conclude that an SCI event has occurred, each SCI entity shall begin to take appropriate corrective action which shall include, at a minimum, mitigating potential harm to investors and market integrity resulting from … (§242.1002(a), 17 CFR PART 242, Regulations M, SHO, ATS, AC, NMS, and SBSR and Customer Margin Requirements for Security Futures)
  • mitigating risks associated with such incidents before substantial damage is done; (§ 3554(b)(7)(C)(i), Federal Information Security Modernization Act of 2014)
  • Implementation specification: Response and reporting (Required). Identify and respond to suspected or known security incidents; mitigate, to the extent practicable, harmful effects of security incidents that are known to the covered entity or business associate; and document security incidents and t… (§ 164.308(a)(6)(ii), 45 CFR Part 164 - Security and Privacy, current as of July 6, 2020)
  • Incidents are mitigated (RS.MI-2, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Newly identified vulnerabilities are mitigated or documented as accepted risks (RS.MI-3, Framework for Improving Critical Infrastructure Cybersecurity, v1.1)
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0432, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Diagnose and resolve customer reported system incidents, problems, and events. (T0468, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Mitigate effects of a use or disclosure of personal information by employees or business partners (T0911, National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework, NIST Special Publication 800-181)
  • Collect and analyze intrusion artifacts (e.g., source code, malware, and system configuration) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0432, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Diagnose and resolve customer reported system incidents, problems, and events. (T0468, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Mitigate effects of a use or disclosure of personal information by employees or business partners (T0911, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • Collect intrusion artifacts (e.g., source code, malware, Trojans) and use discovered data to enable mitigation of potential cyber defense incidents within the enterprise. (T0278, Reference Spreadsheet for the Workforce Framework for Cybersecurity (NICE Framework), July 7, 2020)
  • measures to reverse or mitigate the effects of the incident. (Art. 48 § 2 II, Brazilian Law No. 13709, of August 14, 2018)