AT-05 Contacts With Security Groups And Associations

Control: The organization establishes and maintains contacts with special interest groups, specialized forums, professional associations, news groups, and/or peer groups of security professionals in similar organizations to stay up to date with the latest recommended security practices, techniques, and technologies and to share the latest security-related information including threats, vulnerabilities, and incidents.

Supplemental Guidance: To facilitate ongoing security education and training for organizational personnel in an environment of rapid technology changes and dynamic threats, the organization establishes and institutionalizes contacts with selected groups and associations within the security community. The groups and associations selected are in keeping with the organization’s mission requirements. Information sharing activities regarding threats, vulnerabilities, and incidents related to information systems are consistent with applicable laws, Executive Orders, directives, policies, regulations, standards, and guidance.

Control Enhancements: (0) None.

Baseline: LOW: Not Selected; MOD: Not Selected; HIGH: Not Selected

Family: Awareness And Training

Class: Operational

ISO 17799 mapping: 6.1.7

COBIT 4.1 mapping: None.

PCI-DSS v2 mapping: None.