RS.MA-04.317

Does your organization have a formal process to track and validate the status of all cybersecurity incidents from identification through resolution?

Explanation

This question assesses whether your organization maintains continuous visibility of incident status throughout the incident response lifecycle. Effective incident tracking ensures that security events don't fall through the cracks, appropriate resources are allocated, and management has visibility into ongoing security issues. As evidence, you could provide a screenshot or export from your incident management system showing active incidents with their current statuses, assigned owners, and validation checkpoints. Alternatively, you could share your incident response procedure document that outlines how incidents are tracked and validated at each stage of remediation.

Implementation Example

Track and validate the status of all ongoing incidents

ID: RS.MA-04.317

Context

Function: RS: RESPOND
Category: RS.MA: Incident Management
Sub-Category: Incidents are escalated or elevated as needed

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub