Monday, December 19, 2011

Security Control: Incident Response - Class: Operational

IR-1 INCIDENT RESPONSE POLICY AND PROCEDURES


Control

 

The organization develops, disseminates, and periodically reviews/updates: (i) a formal, documented, incident response policy that addresses purpose, scope, roles, responsibilities, and compliance; and (ii) formal, documented procedures to facilitate the implementation of the incident response policy and associated incident response controls.

Supplemental Guidance

The incident response policy and procedures are consistent with applicable federal laws, directives, policies, regulations, standards, and guidance. The incident response policy can be included as part of the general information security policy for the organization. Incident response procedures can be developed for the security program in general, and for a particular information system, when required. NIST Special Publication 800-61 provides guidance on incident handling and reporting. NIST Special Publication 800-12 provides guidance on security policies and procedures.

Control Enhancements

None.

LOW: IR-1 | MOD: IR-1 | HIGH: IR-1

IR-2 INCIDENT RESPONSE TRAINING


Control

 

The organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization-defined frequency, at least annually].

Supplemental Guidance

None.

Control Enhancements

(1) The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.

(2) The organization employs automated mechanisms to provide a more thorough and realistic training environment.

LOW: Not Selected | MOD: IR-2 | HIGH: IR-2 (1) (2)

IR-3 INCIDENT RESPONSE TESTING


Control

 

The organization tests the incident response capability for the information system [Assignment: organization-defined frequency, at least annually] using [Assignment: organization-defined tests and exercises] to determine the incident response effectiveness and documents the results.

Supplemental Guidance

None.

Control Enhancements

(1) The organization employs automated mechanisms to more thoroughly and effectively test the incident response capability.

LOW: Not Selected | MOD: IR-3 | HIGH: IR-3 (1)

IR-4 INCIDENT HANDLING


Control

 

The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.

Supplemental Guidance

The organization incorporates the lessons learned from ongoing incident handling activities into the incident response procedures and implements the procedures accordingly.

Control Enhancements

(1) The organization employs automated mechanisms to support the incident handling process.

LOW: IR-4 | MOD: IR-4 (1) | HIGH: IR-4 (1)

IR-5 INCIDENT MONITORING


Control

 

The organization tracks and documents information system security incidents on an ongoing basis.

Supplemental Guidance

None.

Control Enhancements

(1) The organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.

LOW: Not Selected | MOD: IR-5 | HIGH: IR-5 (1)

IR-6 INCIDENT REPORTING


Control

 

The organization promptly reports incident information to appropriate authorities.

Supplemental Guidance

The types of incident information reported, the content and timeliness of the reports, and the list of designated reporting authorities or organizations are consistent with applicable federal laws, directives, policies, regulations, standards, and guidance.

Control Enhancements

(1) The organization employs automated mechanisms to assist in the reporting of security incidents.

LOW: IR-6 | MOD: IR-6 (1) | HIGH: IR-6 (1)

IR-7 INCIDENT RESPONSE ASSISTANCE


Control

 

The organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource is an integral part of the organization’s incident response capability.

Supplemental Guidance

Possible implementations of incident response support resources in an organization include a help desk or an assistance group and access to forensics services, when required.

Control Enhancements

(1) The organization employs automated mechanisms to increase the availability of incident response–related information and support.

LOW: IR-7 | MOD: IR-7 (1) | HIGH: IR-7 (1)
