IR-02-727 Incident Response Training

Incident Response Training

IR-02-727
Incident Response Training
Incident Response
LOW, MOD, HIGH
P2
Yes
February 13, 2018

Agency personnel with responsibilities for information security incident response shall be provided with adequate training to identify, prioritize, report, and/or resolve information security incidents, as their duties dictate. The chief information security officer shall determine the appropriate training and personnel to receive such training.

Failure to train personnel on the incident response roles and responsibilities may result in inadequately coordinated processes in response to a security incident.
The organization provides incident response training to information system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; b. When required by information system changes; and c. [Assignment: organization-defined frequency] thereafter.
The organization provides training to employees relevant to how to handle an information security incident.
The state organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training at least annually.
Obtain incident response policy; procedures addressing incident response training; incident response training material; security plan; incident response training records; other relevant documents or records and ascertain if : (I)the organization identifies and documents personnel with incident response roles and responsibilities. (ii)the organization provides incident response training to personnel with incident response roles and responsibilities. (iii)incident response training material addresses the procedures and activities necessary to fulfill identified organizational incident response roles and responsibilities (iv)the organization defines in the security plan, explicitly or by reference, the frequency of refresher incident response training and the frequency is at least annually. (v)the organization provides refresher incident response training in accordance with organization-defined frequency.