Security Incident Response Procedure Checklist

- Do incident-response procedures exist?
- Are procedures understandable and up-to-date?
- Have all key personnel been trained in using the procedures?
- Do the procedures include instructions for contacting a security expert 24 hours a day, 7 days a week?
- If the security expert does not respond, does a procedure exist for escalating the problem to management?
- Is there a procedure for determining when to contact outside help, and whom to contact?
- Do procedures include notifying the CIO immediately when any break-in occurs, and again when the break-in is resolved?
- Has adequate funding been allotted for developing and maintaining incident responses to break-ins?
- Have key personnel actually attended all required training sessions?
- Have appropriate background checks been conducted on key personnel?
- Are communications between and among the system administration and security groups flowing smoothly?
- Are disaster-recovery plans in place?
- Do all systems have adequate security controls? ("Adequate" here means proven adequate by formal audit results.)
- Are system audit logs enabled?
- Are system logs periodically reviewed?
- Are the tools needed to detect an intrusion installed and operational?
- Can the detection software installed on your network detect unknown attacks?
- Can you detect and prevent attacks on the network and the host (a layered approach to detection)?
- Are attacks easy to trace back on your network?






