Joint task force transformation initiative


IR-7 INCIDENT RESPONSE ASSISTANCE



Download 5.8 Mb.
Page96/186
Date31.01.2017
Size5.8 Mb.
#13082
1   ...   92   93   94   95   96   97   98   99   ...   186


IR-7 INCIDENT RESPONSE ASSISTANCE


Control: The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.

Supplemental Guidance: Incident response support resources provided by organizations include, for example, help desks, assistance groups, and access to forensics services, when required. Related controls: AT-2, IR-4, IR-6, IR-8, SA-9.

Control Enhancements:

  1. incident response assistance | automation support for availability of information / support

The organization employs automated mechanisms to increase the availability of incident response-related information and support.

Supplemental Guidance: Automated mechanisms can provide a push and/or pull capability for users to obtain incident response assistance. For example, individuals might have access to a website to query the assistance capability, or conversely, the assistance capability may have the ability to proactively send information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.

  1. incident response assistance | coordination with external providers

The organization:

    1. Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and

    2. Identifies organizational incident response team members to the external providers.

Supplemental Guidance: External providers of information system protection capability include, for example, the Computer Network Defense program within the U.S. Department of Defense. External providers help to protect, monitor, analyze, detect, and respond to unauthorized activity within organizational information systems and networks.

References: None.

Priority and Baseline Allocation:

P2

LOW IR-7

MOD IR-7 (1)

HIGH IR-7 (1)



IR-8 INCIDENT RESPONSE PLAN


Control: The organization:

  1. Develops an incident response plan that:

  1. Provides the organization with a roadmap for implementing its incident response capability;

  2. Describes the structure and organization of the incident response capability;

  3. Provides a high-level approach for how the incident response capability fits into the overall organization;

  4. Meets the unique requirements of the organization, which relate to mission, size, structure, and functions;

  5. Defines reportable incidents;

  6. Provides metrics for measuring the incident response capability within the organization;

  7. Defines the resources and management support needed to effectively maintain and mature an incident response capability; and

  8. Is reviewed and approved by [Assignment: organization-defined personnel or roles];

  1. Distributes copies of the incident response plan to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements];

  2. Reviews the incident response plan [Assignment: organization-defined frequency];

  3. Updates the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;

  4. Communicates incident response plan changes to [Assignment: organization-defined incident response personnel (identified by name and/or by role) and organizational elements]; and

  5. Protects the incident response plan from unauthorized disclosure and modification.

Supplemental Guidance: It is important that organizations develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, organizations consider the coordination and sharing of information with external organizations, including, for example, external service providers and organizations involved in the supply chain for organizational information systems. Related controls: MP-2, MP-4, MP-5.

Control Enhancements: None.

References: NIST Special Publication 800-61.

Priority and Baseline Allocation:

P1

LOW IR-8

MOD IR-8

HIGH IR-8

Directory: publications
publications -> Acm word Template for sig site
publications ->  Preparation of Papers for ieee transactions on medical imaging
publications -> Adjih, C., Georgiadis, L., Jacquet, P., & Szpankowski, W. (2006). Multicast tree structure and the power law
publications -> Swiss Federal Institute of Technology (eth) Zurich Computer Engineering and Networks Laboratory
publications -> Quantitative skills
publications -> Multi-core cpu and gpu implementation of Discrete Periodic Radon Transform and Its Inverse
publications -> List of Publications Department of Mechanical Engineering ucek, jntu kakinada
publications -> 1. 2 Authority 1 3 Planning Area 1
publications -> Sa michelson, 2011: Impact of Sea-Spray on the Atmospheric Surface Layer. Bound. Layer Meteor., 140 ( 3 ), 361-381, doi: 10. 1007/s10546-011-9617-1, issn: Jun-14, ids: 807TW, sep 2011 Bao, jw, cw fairall, sa michelson

Download 5.8 Mb.

Share with your friends:
1   ...   92   93   94   95   96   97   98   99   ...   186



The database is protected by copyright ©ininet.org 2024
send message
    Main page
federal government
private sector
national institute
guidance provided