The entity evaluates security events to determine whether they could or have resulted in a failure of the entity to meet its objectives (security incidents) and, if so, takes actions to prevent or address such failures
Procedures are in place for responding to security incidents and evaluating the effectiveness of those policies and procedures on a periodic basis
Detected security events are communicated to and reviewed by the individuals responsible for the management of the security program and actions are taken, if necessary
Procedures are in place to analyze security incidents and determine system impact
Detected security events are evaluated to determine whether they could or did result in the unauthorized disclosure or use of personal information and whether there has been a failure to comply with applicable laws or regulations
When an unauthorized use or disclosure of personal information has occurred, the affected information is identified.
- END-06.2 - Integration of Detection & Response
- IRO-01 - Incident Response Operations
- IRO-02 - Incident Handling
- IRO-04 - Incident Response Plan (IRP)
- IRO-04.1 - Data Breach
- MON-02 - Centralized Collection of Security Event Logs
- MON-02.1 - Correlate Monitoring Information
- MON-06 - Monitoring Reporting
- RSK-04 - Risk Assessment
- TPM-11 - Third-Party Incident Response & Recovery Capabilities