19.1: Document Incident Response Procedures

Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management.

Asset Type

Security Function

Implementation Groups

N/A

N/A

1, 2, 3

Dependencies

  • None

Inputs

  1. Incident response plan

Operations

  1. Determine whether incident response plan exists (becomes M1)

  2. If it exists, then manual review of incident response plan (determine M2 and M3)

Measures

  • M1 = A plan exists

  • M2 = The plan defines incident response roles

  • M3 = The plan defines incident handling/management phases

Metrics

Existence

Metric
Ensure that there are written incident response plans that define roles of personnel
as well as phases of incident handling/management.

Calculation

M1 AND M2 AND M3