BIZOPS-33 Incident Response Team

What is BIZOPS-33 Incident Response Team Control?

Incident Response Team Control focuses on implementing a team solely responsible for monitoring cyber security incidents and attacks and responding to these incidents.

Ideally, an incident response team is composed of a leader, a communication liaison, a lead investigator, a legal representative, and analysts. In a small organization, there can be one dedicated person responsible for monitoring and following up on incidents.

Available tools in the marketplace

Tools

No tool recommendation is made for this section

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• Best Practices on Incident Response Plans from NIST

Control Implementation

To implement this control,

• A designated person or set of personnel must be identified.
• A process must be documented that includes the following at a minimum:
  • Roles and responsibilities: This section must include the names and roles of the designated personnel.
  • Communication: This section should describe the communication process to ensure that the organization is properly informed about incidents.
  • Investigation: This section should describe the process for investigating events and performing an in-depth evaluation.
  • Recovery: This section should describe the process for containing, eradicating, and recovering from an incident.

What evidence do auditors look for?

1. Provide your documented incident response team charter or procedure.

Evidence example

1. Provide your documented Incident Response Team Charter or procedure
   Here is a link to the template.
   The following screenshot shows the “Computer Security Incident Response Team Charter.”.
   The following screenshot shows the roles and responsibilities of the Computer Security Incident Response Team’s external members.