Control 19.3: Designate Management Personnel to Support Incident Handling

Designate management personnel, as well as backups, who will support the incident handling process by acting in key decision-making roles.

Category

Procedural

Purpose

During an incident, many important decisions will need to be made in a short timeframe. For this reason, it is necessary for management personnel with the authority to make those decisions to be involved in the incident handling process. Designated management personnel should have a clear understanding of their role in the process ahead of time, before incidents occur. Backup personnel should also be designated in case the corresponding primary personnel are unavailable when an incident arises.

Automation

There is no way to automate this this Sub-Control. Yet this does not mean that an incident response plan and associated response procedures must be made from scratch. It is possible to obtain incident response procedures from other similar organizations that already have them in place. These procedures likely nominate management and technical roles for certain response positions, and these can be can be modified to fit an organization’s needs.

Guidance and Tools

Many organizations offer useful incident response guidance.

• Open Trust Alliance: This guidance contains checklists of considerations for developing a response plan and provides templates that can be incorporated (https://otalliance.org/system/files/files/initiative/documents/2017_cyber_incident_breach_response_guide.pdf).
• Carnegie Mellon: The university makes their Incident Response Plan available, can be used as a resource for others (https://www.cmu.edu/iso/governance/procedures/docs/incidentresponseplan1.0.pdf).
• State of Oregon: The Oregon State Government provides a template for an Incident Response plan (https://www.oregon.gov/das/oscio/documents/incidentresponseplantemplate.pdf).