Designation of an incident management team

Critical
High
Normal
Low

The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

Connected other frameworks and requirements:
16.1.3: Reporting information security weaknesses
ISO 27001
16.1.2: Reporting information security events
ISO 27001
ID.RA-3: Threat identification
NIST CSF
RS.CO-1: Personnel roles
NIST CSF
5.25: Assessment and decision on information security events
ISO 27001

The first level response process to security incidents

Critical
High
Normal
Low

The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.

The first level response process includes at least:

  • effectively seeking to confirm the identified incident
  • deciding on the need for immediate response
Connected other frameworks and requirements:
16.1.4: Assessment of and decision on information security events
ISO 27001
DE.AE-4: Impact of events
NIST CSF
RS.RP: Response Planning
NIST CSF
RS.RP-1: Incident response plan
NIST CSF
RS.AN-4: Incident categorization
NIST CSF
No items found.