IR-02 Incident Response Training
Control: The organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization- defined frequency, at least annually].
Supplemental Guidance: None.
(1) The organization incorporates simulated events into incident response training to facilitate effective response by personnel in crisis situations.
(2) The organization employs automated mechanisms to provide a more thorough and realistic training environment.
Baseline: LOW Not Selected MOD IR-2 HIGH IR-2 (1)
Family: Incident Response
ISO 17799 mapping: 13.1.1
COBIT 4.1 mapping: None.
PCI-DSS v2 mapping: 12.9.4