IR-04 Incident Handling
Control: The organization implements an incident handling capability for security incidents that includes preparation, detection and analysis, containment, eradication, and recovery.
Supplemental Guidance: Incident-related information can be obtained from a variety of sources including, but not limited to, audit monitoring, network monitoring, physical access monitoring, and user/administrator reports. The organization incorporates the lessons learned from ongoing incident handling activities into the incident response procedures and implements the revised procedures accordingly. Related security controls: AU-6, PE-6.
Control Enhancements: (1) The organization employs automated mechanisms to support the incident handling process.
Baseline: LOW: IR-4; MOD: IR-4 (1); HIGH: IR-4 (1)
Family: Incident Response
Class: Operational
ISO 17799 mapping: 6.1.6, 13.2.1, 13.2.2
COBIT 4.1 mapping: PO9.5, PO9.6, DS8.2
PCI-DSS v2 mapping: 12.9, 12.9.1, 12.9.6