
Twenty Most Important Controls and Metrics for - page 43 / 48


4. Advanced: Devise a scoring method for determining the results of Red Team exercises so that results can be compared over time.

5. Advanced: Create a test bed that mimics a production environment for specific Red Team attacks against elements that are not typically tested in production, such as attacks against SCADA and other control systems.

Critical Control 18: Incident Response Capability

A great deal of damage has been done to organizational reputations and a great deal of information has been lost in organizations that do not have fully effective incident response programs in place.

The National Institute of Standards and Technology (NIST) has released detailed guidelines for creating and running an incident response team in Special Publication 800-61, available at http://csrc.nist.gov/publications/nistpubs/800-61/sp800-61.pdf. Among the most important elements included in these guidelines are:

1. QW: Develop written incident response procedures, which include a definition of personnel roles for handling incidents. The procedures should define the phases of incident handling consistent with the NIST guidelines cited above.

2. QW: Assign specific individuals job titles and duties for handling computer and network incidents.

3. QW: Define management personnel who will support the incident handling process within each organization, acting in key decision-making roles.

4. QW: Devise organization-wide standards for the time required for system administrators and other personnel to report anomalous events to the agency incident handling team, the mechanisms for such reporting, and the kind of information that should be passed in the incident notification. This reporting should also include notifying US-CERT in accordance with federal requirements for involving that organization in computer incidents.

5. QW: Publish information to all personnel, including employees and contractors, regarding reporting computer anomalies and incidents to the incident handling team. Include such information in routine employee awareness activities.
