T8.2.1 - INCIDENT RESPONSE PLAN Implementation Guidance
The entity shall develop a plan to guide incident response activities.
Critical entities shall also take into account any other relevant NESA issuances, guidance, and activities in this regard (see also the National Cyber Response Framework).
The entity should consider the following:
- A. Develop an incident response plan that:
1- Provides the entity with a roadmap for implementing its incident response capability
2- Describes the structure and organization of the incident response capability
3- Provides a high-level approach for how the incident response capability fits into the overall entity
4- Meets the unique requirements of the entity, which relate to mission, size, structure, and functions
5- Defines reportable incidents
6- Provides metrics for measuring the incident response capability within the entity
7- Defines the resources and management support needed to effectively maintain and mature an incident response capability
8- Is reviewed and approved by defined personnel or roles
- B. Make the incident response plan available to defined incident response personnel (identified by name and/or by role) and organizational elements;
- C. Review and test the incident response plan at a defined frequency;
- D. Update the incident response plan to address system/organizational changes or problems encountered during plan implementation, execution, or testing;
- E. Communicate incident response plan changes to defined incident response personnel (identified by name and/or by role) and organizational elements; and
- F. Protect the incident response plan from unauthorized disclosure and modification.
It is important that entities develop and implement a coordinated approach to incident response. Organizational missions, business functions, strategies, goals, and objectives for incident response help to determine the structure of incident response capabilities. As part of a comprehensive incident response capability, entities consider the coordination and sharing of information with external entities, including, for example, external service providers and entities involved in the supply chain for organizational information systems.