36: Regular practice of incident situations

How to fulfill the requirement

Task name: Regular practice of security incident situations
Priority: Critical / High / Normal / Low
Status: Fully done / Mostly done / Partly done / Not done
Theme: Incident management
Policy: Incident management and response
Other requirements: 3 requirements

This task also fulfills these other security requirements

36: Regular practice of incident situations
Sec overview
1. Task description

The organization should regularly, at least once a year, practice potential disruption or attack situations.

The exercise can focus either on developing disturbance detection, response or management, or all of these.

Documentation of the implementation of exercises and observations must be maintained.

Task name: Regular testing and review of continuity plans
Priority: Critical / High / Normal / Low
Status: Fully done / Mostly done / Partly done / Not done
Theme: Risk management and leadership
Policy: Continuity management
Other requirements: 29 requirements

This task also fulfills these other security requirements

17.1.3: Verify, review and evaluate information security continuity
ISO27 Full
ID.SC-5: Response and recovery
NIST
PR.IP-10: Response and recovery plan tests
NIST
RS.IM-2: Response strategies update
NIST
RC.IM-2: Recovery strategies
NIST
1. Task description

The organisation should regularly, at least annually, test and review its information security continuity plans to ensure that they are valid and effective in adverse situations.

Testing of continuity plans shall involve, as appropriate, stakeholders critical to each plan. The organisation should identify and document the necessary contacts with suppliers and partners.

In addition, the adequacy of continuity plans and associated management mechanisms should be reassessed in the event of significant changes in operations.
