IR — Incident Response
42 controls in the Incident Response family
IR-1Policy And Procedures
LOW
MODERATE
HIGH
PRIVACY
IR-2Incident Response Training
LOW
MODERATE
HIGH
PRIVACY
IR-2(1)Simulated Events
HIGH
IR-2(2)Automated Training Environments
HIGH
IR-2(3)Breach
PRIVACY
IR-3Incident Response Testing
MODERATE
HIGH
PRIVACY
IR-3(1)Automated Testing
IR-3(2)Coordination With Related Plans
MODERATE
HIGH
IR-3(3)Continuous Improvement
IR-4Incident Handling
LOW
MODERATE
HIGH
PRIVACY
IR-4(1)Automated Incident Handling Processes
MODERATE
HIGH
IR-4(2)Dynamic Reconfiguration
IR-4(3)Continuity Of Operations
IR-4(4)Information Correlation
HIGH
IR-4(5)Automatic Disabling Of System
IR-4(6)Insider Threats
IR-4(7)Insider Threats -- Intra-Organization Coordination
IR-4(8)Correlation With External Organizations
IR-4(9)Dynamic Response Capability
IR-4(10)Supply Chain Coordination
IR-4(11)Integrated Incident Response Team
HIGH
IR-4(12)Malicious Code And Forensic Analysis
IR-4(13)Behavior Analysis
IR-4(14)Security Operations Center
IR-4(15)Public Relations And Reputation Repair
IR-5Incident Monitoring
LOW
MODERATE
HIGH
PRIVACY
IR-5(1)Automated Tracking, Data Collection, And Analysis
HIGH
IR-6Incident Reporting
LOW
MODERATE
HIGH
PRIVACY
IR-6(1)Automated Reporting
MODERATE
HIGH
IR-6(2)Vulnerabilities Related To Incidents
IR-6(3)Supply Chain Coordination
MODERATE
HIGH
IR-7Incident Response Assistance
LOW
MODERATE
HIGH
PRIVACY
IR-7(1)Automation Support For Availability Of Information And Support
MODERATE
HIGH
IR-7(2)Coordination With External Providers
IR-8Incident Response Plan
LOW
MODERATE
HIGH
PRIVACY
IR-8(1)Breaches
PRIVACY
IR-9Information Spillage Response
IR-9(1)Responsible Personnel
IR-9(2)Training
IR-9(3)Post-Spill Operations
IR-9(4)Exposure To Unauthorized Personnel
IR-10Integrated Information Security Analysis Team