Policy 7230A - Department of Administration
8. Incident Response
These Incident Response Mandatory Procedures support the Enterprise Security Policy (ITEC
7230 Rev 1), the Computer Incident Response Policy (ITEC 7320) and the IT Security
Response Protocols (ITEC 7320A).
Mandatory
Non-Mandatory
Procedures Baselines Procedures Baselines
8. Incident Response
8.1. Incident Response
8.1.1. Build a Team and Provide Training (4 sets) (4 sets)
8.1.2. Build an Incident Response Capability (4 sets) (5 sets)
8.1.3. Test the Plan (3 sets) (2 sets)
8.1.4. Operate the Plan (5 sets) (3 sets)
8.2. Maintain Records
8.1. Incident Response
The following are the Mandatory Procedures that support the Incident Response
section of the Default Security Requirements:
8.1.1. Build a Team and Provide Training
No applicable Mandatory Procedures.
8.1.2. Build an Incident Response Capability
No applicable Mandatory Procedures.
8.1.3. Test the Plan
No applicable Mandatory Procedures.
8.1.4. Operate the Plan
Should a potential threat be detected, it must be analyzed to determine if an
incident has occurred and then the plan must be executed to minimize the
harm inflicted by the incident:
8.1.4.1 Detect Incidents to Identify Threats
Before incidents can be responded to, they must be detected.
Building standard categorizations can simplify detection and speed
subsequent incident response processes:
• Monitor systems for signs of incidents (see section 6.2.1 of the
Non-Mandatory Procedures).
• Categorize incidents according to established standards in
order to establish appropriate analysis, containment,
eradication and recovery processes.