Respond

These controls focus on the processes used to act when an information security or privacy event is detected.

These controls support our ability to contain the impact of a potential incident. Controls in this category focus on helping us understand the following:

  • What response plans are in place;
  • Roles and responsibilities for incident response;
  • What the options are for mitigating risks from an information security incident.

RESPONSE PLANNING

The Response Planning section of our Information Security Program addresses the response processes and procedures that are executed and maintained to ensure response to detected information security incidents.

Response Plan Execution

We use our documented Incident Response Plan when responding to information security and privacy-related incidents.

COMMUNICATIONS

The Communications section of our Information Security Program addresses response activities that are coordinated with internal and external stakeholders (including external support from law enforcement agencies, as needed).

Responder Roles & Responsibilities

We assign roles and responsibilities for incident responders to ensure a successful response to information security and privacy-related incidents.

Incident Reporting

We report information security and privacy-related incidents consistent with established reporting criteria, as mandated by statutory, regulatory, and contractual obligations.

Incident Information Sharing

We share pertinent incident information with affected stakeholders.

Stakeholder Coordination

We coordinate incident response activities with stakeholders that are consistent with documented plans.

Situational Awareness

We voluntary share information security and privacy-related incident information with external stakeholders to achieve broader situational awareness.

ANALYSIS

The Analysis section of our Information Security Program addresses the analysis that is conducted to ensure effective response and support recovery activities.

Alert Analysis

We investigate notifications from detection systems in a timely manner.

Impact Understanding

We evaluate the potential damage and scope of the incident to understand its potential impact.

Forensics

We utilize proper forensic procedures for information security and privacy-related incidents that have the potential for legal action or data breach reporting. This is provided by either an approved D3 forensic partner or an insurance company.

Incident Classification

We classify and document incidents consistent with established response plans.

Incident Classification

We maintain processes to receive, analyze, and respond to vulnerabilities disclosed from internal and external sources (internal testing, RSS, or security researchers).

MITIGATION

The Mitigation section of our Information Security Program addresses the activities to prevent the expansion of an event, mitigate its effects, and resolve the incident.

Contain Incidents

We implement mechanisms to contain the scope of information security incidents.

Mitigate Incidents

We implement mechanisms to mitigate the ramifications of information security incidents.

New Vulnerability Response

We identify, document, and mitigate (new) identified vulnerabilities in a timely manner.

IMPROVEMENTS

The Improvements section of our Information Security Program addresses organizational response activities that are improved by incorporating lessons learned from current and previous detection/response activities.

Incident Response Lessons Learned

We update our Incident Response Plan based on lessons learned following incidents or tabletop exercises.

Incident Response Strategy Update

Our management and cross-functional teams update their incident response strategy.