RS.MI-02.344

Does your incident response system allow authorized responders to manually select and execute eradication actions during security incidents?

Explanation

This question assesses whether incident responders have the necessary control to manually choose and implement specific actions to eliminate threats from your environment. Manual eradication capabilities are crucial when automated responses are insufficient or when incidents require human judgment to determine the most appropriate remediation approach without causing operational disruptions. Evidence could include screenshots of your incident response platform showing manual eradication options, documented procedures that outline the process for manual intervention, or access control lists showing which team members have permissions to execute eradication actions.

Implementation Example

Allow incident responders to manually select and perform eradication actions

ID: RS.MI-02.344

Context

Function
RS: RESPOND
Category
RS.MI: Incident Mitigation
Sub-Category
Incidents are eradicated

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Signature
Neil Cameron
Founder, ResponseHub
Neil Cameron