IR-02-727 Incident Response Training

Incident Response Training

Control ID

IR-02-727

Control Name

Incident Response Training

Control Category

Incident Response

Functional Areas

Sub-Areas

NIST Baseline Level(s)

LOW, MOD, HIGH

NIST Priority

State Implementation Required

Yes

Agency Last Implemented Date

February 13, 2018

Agency Implementation

Agency personnel with responsibilities for information security incident response shall be provided with adequate training to identify, prioritize, report, and/or resolve information security incidents, as their duties dictate. The chief information security officer shall determine the appropriate training and personnel to receive such training.

Risk Statement

Failure to train personnel on the incident response roles and responsibilities may result in inadequately coordinated processes in response to a security incident.

Control Description

The organization provides incident response training to information system users consistent with assigned roles and responsibilities: a. Within [Assignment: organization-defined time period] of assuming an incident response role or responsibility; b. When required by information system changes; and c. [Assignment: organization-defined frequency] thereafter.

Control Example

The organization provides training to employees relevant to how to handle an information security incident.

State Implementation

The state organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training at least annually.

Testing Procedures

Obtain incident response policy; procedures addressing incident response training; incident response training material; security plan; incident response training records; other relevant documents or records and ascertain if : (I)the organization identifies and documents personnel with incident response roles and responsibilities. (ii)the organization provides incident response training to personnel with incident response roles and responsibilities. (iii)incident response training material addresses the procedures and activities necessary to fulfill identified organizational incident response roles and responsibilities (iv)the organization defines in the security plan, explicitly or by reference, the frequency of refresher incident response training and the frequency is at least annually. (v)the organization provides refresher incident response training in accordance with organization-defined frequency.