CIS Control 19

CIS Control 19: Incident Response and Management

Protect the organization’s information, as well as its reputation, by developing and implementing an incident response infrastructure (e.g., plans, defined roles, training, communications, management oversight) for quickly discovering an attack and then effectively containing the damage, eradicating the attacker’s presence, and restoring the integrity of the network and systems.

19.1: Document Incident Response Procedures

  • Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management.

19.2: Assign Job Titles and Duties for Incident Response

  • Assign job titles and duties for handling computer and network incidents to specific individuals, and ensure tracking and documentation throughout the incident through resolution.

19.3: Designate Management Personnel to Support Incident Handling

  • Designate management personnel, as well as backups, who will support the incident handling process by acting in key decision-making roles.

19.4: Devise Organization-wide Standards For Reporting Incidents

  • Devise organization-wide standards for the time required for system administrators and other workforce members to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification.

19.5: Maintain Contact Information For Reporting Security Incidents

  • Assemble and maintain information on third-party contact information to be used to report a security incident, such as Law Enforcement, relevant government departments, vendors, and Information Sharing and Analysis Center (ISAC) partners.

19.6: Publish Information Regarding Reporting Computer Anomalies and Incidents

  • Publish information for all workforce members, regarding reporting computer anomalies and incidents, to the incident handling team. Such information should be included in routine employee awareness activities.

19.7: Conduct Periodic Incident Scenario Sessions for Personnel

  • Plan and conduct routine incident response exercises and scenarios for the workforce involved in the incident response to maintain awareness and comfort in responding to real-world threats. Exercises should test communication channels, decision making, and incident responder’s technical capabilities using tools and data available to them.

19.8: Create Incident Scoring and Prioritization Schema

  • Create incident scoring and prioritization schema based on known or potential impact to your organization. Utilize score to define frequency of status updates and escalation procedures.

Figure: System Entity Relationship Diagram

CIS Control 19
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Now Certified IBM Security
Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.