ISM-0576

A cyber security incident management policy, and associated cyber security incident response plan, is developed, implemented and maintained.

Topic
Cyber security incident management policy
Applicable to
all

History

Priority
must
Sep 2023
A cyber security incident management policy, and associated cyber security incident response plan, is developed, implemented and maintained.
References to ‘incident response plan’ were replaced with ‘cyber security incident response plan’.
Sep 2023
A cyber security incident management policy, and associated cyber security incident response plan, is developed, implemented and maintained.
References to ‘incident management’ were replaced with ‘cyber security incident management’.
Dec 2022
An incident management policy, and associated incident response plan, is developed, implemented and maintained.
Existing controls relating to the development and implementation of cyber security documentation were amended to ensure documentation is maintained throughout its lifetime.
Dec 2022
An incident management policy, and associated incident response plan, is developed, implemented and maintained.
The existing control relating to the development and implementation of an incident management policy was amended to include the development and implementation of an associated incident response plan.
Sep 2022
An incident management policy is developed and implemented.
Language associated with ‘intrusion detection and prevention policy’ was amended to ‘incident management policy’.
Aug 2019
An intrusion detection and prevention policy is developed and implemented.
Security control 0576 was modified to refer to an intrusion detection and prevention policy rather than a strategy. The content for such a policy was reviewed and lifted up into the associated rationale for this security control.
Jul 2019
An intrusion detection and prevention strategy is developed and implemented that includes:
• network-based intrusion detection and prevention
• procedures and resources for maintaining detection signatures
• procedures and resources for the analysis of event logs and real-time alerts
• procedures and resources for responding to detected cyber security incidents
• the frequency for review of intrusion detection and prevention procedures and resourcing.
2015
Agencies must develop, implement and maintain an intrusion detection and prevention strategy that includes:
• network-based intrusion detection and prevention systems
• procedures and resources for maintaining detection signatures
• procedures and resources for the analysis of event logs and real-time alerts
• procedures and resources for responding to detected cyber security incidents
• the frequency for review of intrusion detection and prevention procedures and resourcing.
2010
Agencies must develop, implement and maintain an intrusion detection strategy that includes:
• appropriate intrusion detection mechanisms, including network-based IDSs and host-based IDSs as necessary
• the audit analysis of event logs, including IDS logs
• a periodic audit of intrusion detection procedures
• information security awareness and training programs
• a documented IRP
• the capability to detect cyber security incidents and attempted network intrusions on gateways and provide real-time alerts.