top of page
AdobeStock_69523090.jpeg

How to

Designate Personnel to Manage Incident Handling

- SafeGuard 17.1

Here's a step-by-step guide to designating personnel to manage the enterprise's incident handling process, as per the requirements in CIS Control 17 - Incident Response Management, Implementation Group 1 (IG1):

 

Step 1: Identify Key Roles and Responsibilities:

  1. Determine the key roles required for managing the incident handling process. This includes a primary person responsible for incident coordination and documentation, as well as backup personnel.

  2. Define the roles and responsibilities of these individuals. This could involve incident response coordination, communication with stakeholders, documentation, and oversight of third-party vendors (if applicable).

 

Step 2: Select Appropriate Personnel:

  1. Choose individuals who possess the necessary skills, knowledge, and authority to effectively manage incident response efforts. They should have a solid understanding of your organization's IT environment, systems, and potential risks.

 

Step 3: Designate Primary and Backup Personnel:

  1. Designate one key person to be the primary incident handler. This individual will be responsible for leading incident response efforts.

  2. Assign at least one backup person who can step in if the primary person is unavailable. Having a backup ensures continuity in incident response.

 

Step 4: Define Reporting Structure:

  1. Establish a reporting structure for incident management personnel. Determine who they report to within the organization and how escalation will occur in case of complex incidents.

By following these steps, you'll establish a clear and effective process for designating personnel to manage your organization's incident handling process, aligning with the requirements of CIS18 Controls.

Step 5: Document Roles and Contact Information:

  1. Create formal documentation that outlines the roles, responsibilities, and contact information of the primary and backup personnel. This document should also detail the chain of command for reporting incidents.

 

Step 6: Internal vs. Third-Party Personnel:

  1. Decide whether the designated personnel will be internal employees, third-party vendors, or a hybrid approach involving both.

  2. If using a third-party vendor for incident response, designate at least one person within your organization to oversee and coordinate the vendor's work.

Step 7: Integration with Incident Response Plan:

  1. Integrate the designated personnel's roles and responsibilities into your organization's incident response plan. Clearly outline their responsibilities within the plan.

Step 8: Annual Review and Updates:

  1. Schedule an annual review of the designated personnel and their roles. Ensure that their skills are up-to-date, and their contact information remains accurate.

  2. Review their roles when significant organizational changes occur, such as mergers, acquisitions, or shifts in leadership.

Step 9: Communication and Training:

  1. Communicate the roles of the designated personnel to relevant stakeholders, such as IT teams, security personnel, and executive leadership.

  2. Provide training to the designated personnel to ensure they understand their roles and responsibilities effectively.

Step 10: Documentation and Records:

  1. Maintain a record of incidents, responses, and recovery efforts coordinated by the designated personnel. This documentation is crucial for analysis, compliance reporting, and continuous improvement.

as

By following these steps, you'll establish a clear and effective process for designating personnel to manage your organization's incident handling process, aligning with the requirements of CIS18 Controls.

bottom of page