ID.IM-02.180
Does your organization have a process to identify and implement improvements to incident response procedures based on findings from exercises, tests, and reviews?
Explanation
This question assesses whether your organization has a formal feedback loop to enhance incident response capabilities based on lessons learned from various assessment activities. Effective incident response requires continuous improvement through analysis of performance in tabletop exercises, simulations, internal reviews, and independent audits. Organizations should document identified gaps, create action plans to address them, and implement improvements to procedures, training, and tools. Evidence could include a post-incident review document or improvement tracking system that shows: (1) findings from incident response assessments, (2) recommended improvements, (3) implementation status of those improvements, and (4) verification that changes were incorporated into updated incident response procedures.
Implementation Example
Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)
ID: ID.IM-02.180
Context
- Function
- ID: IDENTIFY
- Category
- ID.IM: Improvement
- Sub-Category
- Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
