Policy 7230A - Department of Administration
8. Incident Response
These Incident Response Non-Mandatory Procedures support the Enterprise Security Policy
(ITEC 7230 Rev 1), the Computer Incident Response Policy (ITEC 7320) and the IT Security
Response Protocols (ITEC 7320A).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
8. Incident Response
8.1. Incident Response
8.1.1. Build a Team and Provide Training (4 sets) (4 sets)
8.1.2. Build an Incident Response Capability (4 sets) (5 sets)
8.1.3. Test the Plan (3 sets) (2 sets)
8.1.4. Operate the Plan (5 sets) (3 sets)
8.2. Maintain Records
8.1. Incident Response
The following are the Non-Mandatory Procedures that support the Incident Response
section of the Default Security Requirements:
8.1.1. Build a Team and Provide Training
Incident response is a security control that requires specialized capabilities.
Agencies should build a team to ensure those capabilities are always
appropriately provided for:
8.1.1.1 Identify Incident Response (IR) Roles
To be able to efficiently and effectively respond to incidents as they
occur, a variety of skills are required. Defining roles that offer those
skills ensures that appropriate personnel can be identified:
• Identify the skills required for operation of an IR practice.
• Identify the positional roles that provide those skills.
8.1.1.2 Associate Personnel with IR Roles
Once roles have been determined, individual employees must be
associated with those roles according to the skill sets required of the
role and available within the employee pool:
• IR responsibilities can be called upon at any time of the day
and so only those staff that are able to work within such time
constraints should be considered.
• IR responsibilities can trump the requirements of normal
operations and so, unless dedicated IR staff is hired, only
those staff that can be leveraged from their primary
responsibilities with acceptable business impact should be
considered.
• IR responsibilities can require extreme amounts of work in
compressed amounts of time and so, only those staff that can