tagline: Confidence in the Connected World
CIS Logo
HomeCIS ControlsCIS Control 19: Incident Response and Management
Young men working on a computer

CIS Control 19

Incident Response and Management

Key Principle:

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.

Why is this CIS Control critical?

Cyber incidents are now just part of our way of life. Even large, well-funded, and technically sophisticated enterprises struggle to keep up with the frequency and complexity of attacks. The question of a successful cyber-attack against an enterprise is not “if” but “when.”

When an incident occurs, it is too late to develop the right procedures, reporting, data collection, management responsibility, legal protocols, and communications strategy that will allow the enterprise to successfully understand, manage, and recover. Without an incident response plan, an organization may not discover an attack in the first place, or, if the attack is detected, the organization may not follow good procedures to contain damage, eradicate the attacker’s presence, and recover in a secure fashion. Thus, the attacker may have a far greater impact, causing more damage, infecting more systems, and possibly exfiltrate more sensitive data than would otherwise be possible were an effective incident response plan in place.

Main Points:
  • Ensure that there are written incident response procedures that include a definition of personnel roles for handling incidents. The procedures should define the phases of incident handling.
  • Assign job titles and duties for handling computer and network incidents to specific individuals.

See the full text of this CIS Control and the other 20 CIS Controls

Secure Your Organization Against the Most Common Attack Vectors

Download:

Arrow First 5 CIS Controls Arrow All 20 CIS Controls

Developed, validated and prioritized by a volunteer community of cybersecurity experts.

Information Hub: Incident Response and Management