Today, I will be going over Control 19 from version 7 of the CIS top 20 Critical Security Controls – Incident Response and Management. I will go through the eight requirements and offer my thoughts on what I’ve found.

Key Takeaways for Control 19

  • Most of the same. Control 19 remains relatively intact from the previous version of the controls. The notable difference is the addition of section 8 regarding a scoring mechanism for handling incidents.
  • Plan and Test. The overall theme of this section is to make sure you plan and test for an event before it happens. As with any emergency, you don’t want to be figuring things out on the fly.

Requirement Listing for Control 19

1. Document Incident Response Procedures

Description: Ensure that there are written incident response plans that define the roles of personnel as well as the phases of incident handling/management.

Notes: Define what needs to be done when an incident happens. On your first pass at this, it is likely that some roles and responsibilities will be left out. Follow guidance from a body such as NIST when defining what these roles and responsibilities will be.

2. Assign Job Titles and Duties for Incident Response

Description: Assign job titles and duties for handling computer and network incidents to specific individuals and ensure tracking and documentation throughout the incident through resolution.

Notes: After completing section 1, you’ll need to assign people to the roles and responsibilities. Don’t be afraid to make a single person responsible for multiple roles. However, be careful not to overburden any one person in the event of an emergency.

3. Designate Management Personnel to Support Incident Handling

Description: Designate management personnel, as well as backups, who will support the incident handling process by acting in key (Read more...)