The chief information security officer shall be the primary resource for manging the information security incident response process. The chief information security officer will utilize Texas A&M University Engineering IT Security and the Texas A&M University System Security Operations Center as back-up resources as needed to facilitate an effective response to a suspected or confirmed information security incident.
Lack of a Security Incident Response Program may result in improper identification and handling of security events.
The organization provides an incident response support resource, integral to the organizational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
The organization has defined a resource and a back-up resource to provide guidance for the incident management response process.
The state organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents. The support resource is an integral part of the organization’s incident response capability.
Obtain Incident response policy; procedures addressing incident response assistance; automated mechanisms supporting incident response support and assistance; other relevant documents or records and ascertain if :
(I)the organization provides an incident response support resource that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
(ii)the incident response support resource is an integral part of the organization’s incident response capability.
(iii)the organization employs automated mechanisms to increase the availability of incident response-related information and support for incident response support.