RS.MI-01.341

Does your organization have formal agreements with third parties (e.g., ISPs, MSSPs) authorizing them to perform containment actions during security incidents?

Explanation

This question assesses whether your organization has established formal relationships with trusted third parties who can act quickly to contain security incidents on your behalf. Such arrangements can be crucial during critical incidents when internal resources may be overwhelmed or when specialized expertise is required for effective containment. Evidence could include signed service level agreements (SLAs) with third parties that explicitly authorize containment actions, documented procedures for third-party incident response, or records of tabletop exercises conducted with these third parties to test containment procedures.

Implementation Example

Allow a third party (e.g., internet service provider, managed security service provider) to perform containment actions on behalf of the organization

ID: RS.MI-01.341

Context

Function: RS: RESPOND
Category: RS.MI: Incident Mitigation
Sub-Category: Incidents are contained
