Policies Section

Incident Response (from NIST)

This incident response control list and description are meant to tie incident response to an activity or behavior. For NIST's descriptions, see NIST Special Publication 800-53 Recommended Security Controls for Federal Information Systems.

  • Incident response policy and procedures - The incident response policy and plan define roles, responsibilities, and compliance when dealing with an incident. They define what a security incident is. The incident response plan may outline the incident response phases, describing the actions taken during each phase. It discusses how information is passed to the appropriate personnel, how the incident is assessed, how damage is minimised, the response strategy, documentation, and preservation of evidence. The incident response plan will establish procedures for handling various security incidents. (low)
  • Incident response training - Staff members should be trained regarding their roles in the incident response plan. Simulated events may be used as part of the training tools. (moderate)
  • Incident response testing - The incident response plan is tested through simulations. The test results are documented and used to determine weaknesses in the plan and where more training is needed. (moderate)
  • Incident handling - The organization should have an incident response plan that defines what an incident is and the areas of responsibility, documents the incident response phases, and establishes procedures for incidents. The organization must be able to detect security incidents, contain them, neutralize them, and recover from them. (low)
  • Incident monitoring - Security incidents are monitored and logged. (moderate)
  • Incident reporting - Incident reporting should be prompt. The incident response plan should discuss incident reporting. (low)
  • Incident response assistance - The organization provides incident response assistance, such as a help desk, to users for the purpose of reporting security incidents. (low)