How to Designate Personnel to Manage Incident Handling - SafeGuard 17.1
Here's a step-by-step guide to designating personnel to manage the enterprise's incident handling process, as per the requirements in CIS Control 17 - Incident Response Management, Implementation Group 1 (IG1):
Step 1: Identify Key Roles and Responsibilities:
- Determine the key roles required for managing the incident handling process. This includes a primary person responsible for incident coordination and documentation, as well as backup personnel.
- Define the roles and responsibilities of these individuals. This could involve incident response coordination, communication with stakeholders, documentation, and oversight of third-party vendors (if applicable).
Step 2: Select Appropriate Personnel:
- Choose individuals who possess the necessary skills, knowledge, and authority to effectively manage incident response efforts. They should have a solid understanding of your organization's IT environment, systems, and potential risks.
Step 3: Designate Primary and Backup Personnel:
- Designate one key person to be the primary incident handler. This individual will be responsible for leading incident response efforts.
- Assign at least one backup person who can step in if the primary person is unavailable. Having a backup ensures continuity in incident response.
Step 4: Define Reporting Structure:
- Establish a reporting structure for incident management personnel. Determine who they report to within the organization and how escalation will occur in case of complex incidents.
Step 5: Document Roles and Contact Information:
- Create formal documentation that outlines the roles, responsibilities, and contact information of the primary and backup personnel. This document should also detail the chain of command for reporting incidents.
Step 6: Internal vs. Third-Party Personnel:
- Decide whether the designated personnel will be internal employees, third-party vendors, or a hybrid approach involving both.
- If using a third-party vendor for incident response, designate at least one person within your organization to oversee and coordinate the vendor's work.
Step 7: Integration with Incident Response Plan:
- Integrate the designated personnel's roles and responsibilities into your organization's incident response plan. Clearly outline their responsibilities within the plan.
Step 8: Annual Review and Updates:
- Schedule an annual review of the designated personnel and their roles. Ensure that their skills are up to date and that their contact information remains accurate.
- Review their roles when significant organizational changes occur, such as mergers, acquisitions, or shifts in leadership.
Step 9: Communication and Training:
- Communicate the roles of the designated personnel to relevant stakeholders, such as IT teams, security personnel, and executive leadership.
- Provide training to the designated personnel to ensure they understand their roles and responsibilities.
Step 10: Documentation and Records:
- Maintain a record of incidents, responses, and recovery efforts coordinated by the designated personnel. This documentation is crucial for analysis, compliance reporting, and continuous improvement.
By following these steps, you'll establish a clear and effective process for designating personnel to manage your organization's incident handling process, aligning with the requirements of CIS18 Controls.