Control: ism-0043; Revision: 4; Updated: Dec-21; Applicability: ALL; Essential Eight: N/A
Systems have an incident response plan that covers the following:
- guidelines on what constitutes a cyber security incident
- the types of cyber security incidents likely to be encountered and the expected response to each type
- how to report cyber security incidents, internally to an organisation and externally to relevant authorities
- other parties which need to be informed in the event of a cyber security incident
- the authority, or authorities, responsible for investigating and responding to cyber security incidents
- the criteria by which an investigation of a cyber security incident would be requested from a law enforcement agency, the Australian Cyber Security Centre or other relevant authority
- the steps necessary to ensure the integrity of evidence relating to a cyber security incident
- system contingency measures or a reference to such details if they are located in a separate document.