IR-03 Incident Response Testing
Test the effectiveness of the incident response capability for the system ir-03_odp.01 using the following tests: ir-03_odp.02.
| Parameter ID | Definition |
|---|---|
| ir-03_odp.01 | frequency |
| ir-03_odp.02 | tests |
Baselines
- L
- M
- H
- P
Guidance
Organizations test incident response capabilities to determine their effectiveness and identify potential weaknesses or deficiencies. Incident response testing includes the use of checklists, walk-through or tabletop exercises, and simulations (parallel or full interrupt). Incident response testing can include a determination of the effects on organizational operations and assets and individuals due to incident response. The use of qualitative and quantitative data aids in determining the effectiveness of incident response processes.
References 3
- OMB A-130 Office of Management and Budget Memorandum Circular A-130, *Managing Information as a Strategic Resource* , July 2016.
- SP 800-84 Grance T, Nolan T, Burke K, Dudley R, White G, Good T (2006) Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-84.
- SP 800-115 Scarfone KA, Souppaya MP, Cody A, Orebaugh AD (2008) Technical Guide to Information Security Testing and Assessment. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-115.
Control Enhancements 3
- IR-03(01) Automated Testing L M H P
- IR-03(02) Coordination with Related Plans L M H P
- IR-03(03) Continuous Improvement L M H P
Related controls 6
- CP-03 Contingency Training L M H P
- CP-04 Contingency Plan Testing L M H P
- IR-02 Incident Response Training L M H P
- IR-04 Incident Handling L M H P
- IR-08 Incident Response Plan L M H P
- PM-14 Testing, Training, and Monitoring L M H P