SAMMY UI is optimized for resolutions with a width 1024px and higher.
CIS Critical Security Controls
Browse CIS Critical...
17,1: Designate Personnel to Manage Incident Handling
17,2: Establish and Maintain Contact Information for Reporting Security Incidents
17,3: Establish and Maintain an Enterprise Process for Reporting Incidents
17,4: Establish and Maintain an Incident Response Process
17,5: Assign Key Roles and Responsibilities
17,6: Define Mechanisms for Communicating During Incident Response
17,7: Conduct Routine Incident Response Exercises
17,8: Conduct Post-Incident Reviews
17,9: Establish and Maintain Security Incident Thresholds
Establish and Maintain Security Incident Thresholds
17,9: Establish and Maintain Security Incident Thresholds
Policy defined
Not applicable - Not applicable
None - None
Informal - Informal
Partially written - Partially written
Written - Written
Approved and communicated - Approved and communicated
Control implemented
Not applicable - Not applicable
Not implemented - Not implemented
Parts of policy implemented - Parts of policy implemented
Implemented on some systems - Implemented on some systems
Implemented on most systems - Implemented on most systems
Implemented on all systems - Implemented on all systems
Control automated
Not applicable - Not applicable
Not automated - Not automated
Parts of policy automated - Parts of policy automated
Automated on some systems - Automated on some systems
Automated on most systems - Automated on most systems
Automated on all systems - Automated on all systems
Control reported
Not applicable - Not applicable
Not reported - Not reported
Parts of policy reported - Parts of policy reported
Reported on some systems - Reported on some systems
Reported on most systems - Reported on most systems
Reported on all systems - Reported on all systems
Description

Establish and maintain security incident thresholds, including, at a minimum, differentiating between an incident and an event. Examples can include: abnormal activity, security vulnerability, security weakness, data breach, privacy incident, etc. Review annually, or when significant enterprise changes occur that could impact this Safeguard.