Response Management
Develop and manage a capability to respond to and recover from disruptive and destructive information security events.
Tasks
- Develop and implement processes for detecting, identifying and analyzing security-related events.
- Develop response and recovery plans including organizing, training and equipping the teams.
- Ensure periodic testing of the response and recovery plans where appropriate.
- Ensure the execution of response and recovery plans as required.
- Establish procedures for documenting an event as a basis for subsequent action, including forensics when necessary.
- Manage post-event reviews to identify causes and corrective actions.
Knowledge Statements
- Knowledge of the components of an incident response capability
- Knowledge of information security emergency management practices (for example, production change control activities, development of a computer emergency response team)
- Knowledge of disaster recovery planning and business recovery processes
- Knowledge of disaster recovery testing for infrastructure and critical business applications
- Knowledge of escalation processes for effective security management
- Knowledge of intrusion detection policies and processes
- Knowledge of help desk processes for identifying security incidents reported by users and distinguishing them from the other issues dealt with by the help desk
- Knowledge of the notification process in managing security incidents and recovery (for example, automated notification and recovery mechanisms, such as real-time responses to virus alerts)
- Knowledge of the requirements for collecting and presenting evidence: rules of evidence, admissibility of evidence, and quality and completeness of evidence
- Knowledge of post-incident reviews and follow-up procedures