BIZOPS-33 Incident Response Team

Estimated reading: 2 minutes 1186 views

What is BIZOPS-33 Incident Response Team Control?

Incident Response Team Control focuses on implementing a team solely responsible for monitoring cyber security incidents and attacks and responding to these incidents.

Ideally, an incident response team is composed of a leader, a communication liaison, a lead investigator, a legal representative, and analysts. In a small organization, there can be one dedicated person responsible for monitoring and following up on incidents.

Available tools in the marketplace

Tools
No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

Control Implementation

To implement this control,

  • A designated person or set of personnel must be identified.
  • A process must be documented that includes the following at a minimum:
    • Roles and responsibilities: This section must include the names and roles of the designated personnel.
    • Communication: This section should describe the communication process to ensure that the organization is properly informed about incidents.
    • Investigation: This section should describe the process for investigating events and performing an in-depth evaluation.
    • Recovery: This section should describe the process for containing, eradicating, and recovering from an incident.

What evidence do auditors look for?

  1. Provide your documented incident response team charter or procedure.

Evidence example

  1. Provide your documented Incident Response Team Charter or procedure
    Here is a link to the template.
    The following screenshot shows the “Computer Security Incident Response Team Charter.”.
    BIZOPS 33 Incident Response Team 01
    The following screenshot shows the roles and responsibilities of the Computer Security Incident Response Team’s external members.BIZOPS 33 Incident Response Team 02

 

Join the conversation

ON THIS PAGE
SHARE THIS PAGE

SUBSCRIBE
FlightSchool
OR