RS.MA-02.312

Does your organization have a process to initially screen and validate incident reports to determine if they are cybersecurity-related and require incident response procedures?

Explanation

This question assesses whether your organization has a triage mechanism to properly classify incoming security alerts or reports before allocating incident response resources. Without proper screening, teams may waste resources on false positives or non-security events, while potentially missing critical incidents that require immediate attention. Effective screening helps prioritize response efforts and ensures appropriate escalation paths are followed. Evidence could include a documented incident triage procedure, a decision tree for incident classification, screenshots of a ticketing system showing initial assessment fields, or examples of incident intake forms with preliminary assessment criteria.

Implementation Example

Preliminarily review incident reports to confirm that they are cybersecurity-related and necessitate incident response activities.

ID: RS.MA-02.312

Context

Function: RS: RESPOND
Category: RS.MA: Incident Management
Sub-Category: Incident reports are triaged and validated
