The first step of setting up a cyber security Incident Response process is to be able to monitor and detect cyber security events, so that relevant incidents can be identified and classified. This will help to prioritise them and also to respond to them efficiently, a task that may require having dedicated teams, that can assign responsibilities and undertake the necessary actions. A procedure to inform the user about incidents shall also be considered, including elaboration of appropriate communication plans with the involvement of relevant parties. This shall be done to ensure that the appropriate information is communicated to users. Regarding software, a strategy shall be put into place to not only ensure updates but also to inform the user promptly and effectively about their implementation. For further details on software updates, please refer to the Implementation of Updates topic on questions Sys_9, Sys_10, and Sys_11.
Main Question
Is a cyber security Incident Response process established?
Sub-Questions
- Is a procedure established to properly inform the user when cyber security incidents may have an impact on them (e.g. security breach to back-end server, or system support malfunction)?
- Is a clear strategy for Over The Air (OTA) updates defined based on cyber security requirements?