Incident Response and Management
CIS Control 19
Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (i.e., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.
Why is this Critical?
With cyberattacks on the rise, organizations need to have defined processes and procedures in place to discover, respond to, remediate, and recover from incidents to prevent considerable damage to their data, financial standing, and reputation. When an incident occurs, it’s too late to develop the right procedures, reporting, data collection, legal protocols, and communications strategy.
This CIS Control focuses on ensuring that a written incident response program is in place which defines the roles of personnel, the phases of incident handling and management, and the third-party stakeholders involved in reporting a security incident, such as law enforcement, relevant government agencies, vendors, and legal resources.