:star: G19 Incident Handling and Response (:checkered_flag: G19-6 Publish…
:star: G19 Incident Handling and Response
Ensure that there are written incident response procedures
that include a definition of personnel roles
for handling incidents.
The procedures should define the phases of incident handling.
Assign job titles and duties
for handling computer and network incidents
to specific individuals.
Define management personnel who will support the incident handling process
by acting in key decision-making roles.
Devise organization-wide standards for the time required for system administrators
and other personnel
to report anomalous events to the incident handling team,
the mechanisms for such reporting,
and the kind of information that should be included in the incident notification.
This reporting should also include
notifying the appropriate Community Emergency Response Team
in accordance with all legal or regulatory requirements
for involving that organization in computer incidents.
Assemble and maintain information on third-party contact information
to be used to report a security incident
(e.g., maintain an e-mail address of
or have a web page
Publish information for all personnel
including employees and contractors
regarding reporting computer anomalies and incidents
to the incident handling team.
Such information should be included
in routine employee awareness activities.
Conduct periodic incident scenario sessions
for personnel associated with the incident handling team
to ensure that they understand current threats and risks
as well as their responsibilities in supporting the incident handling team.