These controls support our ability to contain the impact of a potential incident. Controls in this category focus on helping us understand the following:
The Response Planning section of our Information Security Program addresses the response processes and procedures that are executed and maintained to ensure response to detected information security incidents.
We use our documented Incident Response Plan when responding to information security and privacy-related incidents.
The Communications section of our Information Security Program addresses response activities that are coordinated with internal and external stakeholders (including external support from law enforcement agencies, as needed).
We assign roles and responsibilities for incident responders to ensure a successful response to information security and privacy-related incidents.
We report information security and privacy-related incidents consistent with established reporting criteria, as mandated by statutory, regulatory, and contractual obligations.
We share pertinent incident information with affected stakeholders.
We coordinate incident response activities with stakeholders that are consistent with documented plans.
We voluntary share information security and privacy-related incident information with external stakeholders to achieve broader situational awareness.
The Analysis section of our Information Security Program addresses the analysis that is conducted to ensure effective response and support recovery activities.
We investigate notifications from detection systems in a timely manner.
We evaluate the potential damage and scope of the incident to understand its potential impact.
We utilize proper forensic procedures for information security and privacy-related incidents that have the potential for legal action or data breach reporting. This is provided by either an approved D3 forensic partner or an insurance company.
We classify and document incidents consistent with established response plans.
We maintain processes to receive, analyze, and respond to vulnerabilities disclosed from internal and external sources (internal testing, RSS, or security researchers).
The Mitigation section of our Information Security Program addresses the activities to prevent the expansion of an event, mitigate its effects, and resolve the incident.
We implement mechanisms to contain the scope of information security incidents.
We implement mechanisms to mitigate the ramifications of information security incidents.
We identify, document, and mitigate (new) identified vulnerabilities in a timely manner.
The Improvements section of our Information Security Program addresses organizational response activities that are improved by incorporating lessons learned from current and previous detection/response activities.
We update our Incident Response Plan based on lessons learned following incidents or tabletop exercises.
Our management and cross-functional teams update their incident response strategy.