Policy 7230A - Department of Administration
8. Incident Response
These Incident Response Non-Mandatory Baselines support the Enterprise Security Policy (ITEC 7230 Rev 1), the Computer Incident Response Policy (ITEC 7320) and the IT Security Response Protocols (ITEC 7320A).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
8. Incident Response
8.1. Incident Response
8.1.1. Build a Team and Provide Training (4 sets) (4 sets)
8.1.2. Build an Incident Response Capability (4 sets) (5 sets)
8.1.3. Test the Plan (3 sets) (2 sets)
8.1.4. Operate the Plan (5 sets) (3 sets)
8.2. Maintain Records
8.1. Incident Response
The following are the Non-Mandatory Baselines that support the Incident Response section of the Default Security Requirements:
8.1.1. Build a Team and Provide Training
Incident response is a security control that requires specialized capabilities. Building a team ensures those capabilities are always appropriately provided for:
8.1.1.a Incident Response (IR) Responsibilities
• Communications and coordination skills are required to manage the various team members and activities and to share information with employees of the organization outside of the IR team.
• Network management skills are required to ensure network functionality and availability during an incident as well as to understand the impact of the incident in regard to network functions.
• Systems management skills are required to ensure system functionality and availability during an incident as well as to understand the impact of the incident in regard to system functions.
• Security management skills are required to ensure security infrastructure functionality and availability during an incident as well as to understand the impact of the incident in regard to security functions.