Content library
CyberFundamentals (Belgium)
RS.RP-1: Response plan is executed during or after an incident.

How to fill the requirement

CyberFundamentals (Belgium)

RS.RP-1: Response plan is executed during or after an incident.

Task name
Priority
Status
Theme
Policy
Other requirements
Treatment process and documentation of occurred security incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
requirements

Task is fulfilling also these other security requirements

T06: Turvallisuuspoikkeamien hallinta
Katakri
32. Security of processing
GDPR
12. Transparent information, communication and modalities for the exercise of the rights of the data subject
GDPR
16.1.5: Response to information security incidents
ISO27 Full
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Self-monitoring
1. Task description

All security incidents are addressed in a consistent manner to improve security based on what has happened.

In the incident treatment process:

  • the reported incident is confirmed (or found unnecessary to record)
  • the type and cause of incident is documented
  • the risks associated with the incident are documented
  • the risks are re-evaluated and treated if that is necessary after the incident
  • risk mitigation measures or a decision their acceptance is documented
  • people who need to be informed of the results of the incident treatment are identified (including external ones)
  • possible need for a post-incident analysis is determined
Designation of an incident management team
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
requirements

Task is fulfilling also these other security requirements

16.1.3: Reporting information security weaknesses
ISO27 Full
16.1.2: Reporting information security events
ISO27 Full
ID.RA-3: Threat identification
NIST
RS.CO-1: Personnel roles
NIST
5.25: Assessment and decision on information security events
ISO27k1 Full
1. Task description

The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

Executing an incident response plan with stakeholders
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

RS.CO-4: Coordination with stakeholders
NIST
RS.RP-1: Response plan is executed during or after an incident.
CyFun
RS.CO-4: Coordination with stakeholders occurs consistent with response plans.
CyFun
1. Task description

In the event of an incident, the implementation of the response plan with stakeholders must be carried out as specified in the plan.

Communication in accordance with the incident response plan in the event of a incident
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

RS.CO-3: Information sharing
NIST
32: Viestintäsuunnitelma häiriö- ja kriisitilanteisiin
Sec overview
RESPONSE-3: Respond to Cybersecurity Incidents
C2M2: MIL1
Article 14: Communication
DORA
Article 17: ICT-related incident management process
DORA
1. Task description

In the event of an incident , communication with internal and external stakeholders must be in accordance with the incident response plan.

Developing an incident response plan for critical information systems
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Continuity management
requirements

Task is fulfilling also these other security requirements

RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
HAL-17: Tietojärjestelmien toiminnallinen käytettävyys ja vikasietoisuus
Julkri
VAR-09: Tietojärjestelmien toipumissuunnitelmat
Julkri
CC7.4: Responding to identified security incidents
SOC 2
1. Task description

The organization shall establish a incident response plan for security incidents to critical information systems. Response plans should also be tested by the necessary organizational elements. The plan should take into account at least:

  • The purpose of the information system and the precautions to be taken in the event of its disruption
  • Recovery plans, targets, and priorities for the order of recovery of assets
  • The role of implementing the response plans and the contact details of the persons assigned to the roles
  •  Continuation of normal operations regardless of the state of the information systems.
  • Distribution, approval and review of response plans

In addition, the plan should at least:

  • Establish a roadmap for developing disruption management capacity
  • Describe the structure and organization of incident management capability
  • Provides metrics to measure incident management capability
The first level response process to security incidents
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Incident management
Incident management and response
requirements

Task is fulfilling also these other security requirements

16.1.4: Assessment of and decision on information security events
ISO27 Full
6.4: Menettelytavat virhe- ja ongelmatilanteissa
Self-monitoring
DE.AE-4: Impact of events
NIST
RS.RP: Response Planning
NIST
RS.RP-1: Incident response plan
NIST
1. Task description

The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.

The first level response process includes at least:

  • effectively seeking to confirm the identified incident
  • deciding on the need for immediate response
No items found.