IR-05-727 Incident Monitoring

IR-05-727
Incident Monitoring
Incident Response
Protect, Respond
Cyber-Security Incident Response, Data Loss Prevention
LOW, MOD, HIGH
P1
Yes
February 13, 2018

All information security incidents shall be tracked in the Texas Department of Information Resources eGRC platform (SPECTRIM). All documentation obtained from an information security incident shall be kept in an Agency-approved electronic storage platform with appropriate access controls limiting access to authorized personnel.

Rules for evidence handling are not followed when evidence is collected, retained, or presented.
The organization tracks and documents information system security incidents.
The organization utilizes an automated mechanism to record and track information security incidents.
The state organization tracks and documents information system security incidents on an ongoing basis.
Obtain the incident response policy; procedures addressing incident monitoring; information system design documentation; information system configuration settings and associated documentation; automated mechanisms supporting incident monitoring; and other relevant documents or records, and ascertain whether the organization employs automated mechanisms to assist in the tracking of security incidents and in the collection and analysis of incident information.