apiperCIS
commented
5 years ago Inputs 1) Incident Response Plan including Incident Response Job Titles/Duties 2) Mapping of Individuals to Incident Response Job Titles/Duties
Operations 1) Manually review the Incident Response Plan to verify that it exists and that it contains Incident Response job titles and duties. If the document exists and contains job titles and duties, set M1 equal to 1. If it does not exist, set M1 equal to 0 and skip the remaining operations. 2) Manually review the Incident Response Plan to verify that it ensures tracking and documentation throughout the incident through resolution. If this is adequately addressed in the document, set M2 equal to 1. If it is not, set M2 equal to 0. 3) For each job title specified in the Incident Response Plan, check Input 2 to ensure that at least one individual is mapped to that job. Create a list of jobs that have been assigned at least one individual (M3) and a list of jobs that have not been assigned at least one individual (M4).
Measures M1: binary value indicating if the Incident Response Plan exists and contains Incident Response job titles and duties; 1 if so, 0 if not M2: binary value indicating if the Incident Response Plan adequately addresses tracking and documentation throughout the incident; 1 if so, 0 if not M3: List of Incident Response jobs with individuals assigned M4: List of Incident Response jobs without individuals assigned M5: Count of Incident Response jobs with individuals assigned (count of M3) M6: Total number of Incident Response jobs defined
Metrics Incident Response Plan exists, contains job titles/duties, and adequately addresses tracking and documentation throughout the incident: M1 and M2 Ratio of Incident Response jobs with assignees: M4 / M6
Assign job titles and duties for handling computer and network incidents to specific individuals and ensure tracking and documentation throughout the incident through resolution.
Measures
Metrics