Control: The organisation provides an incident response support resource, integral to the organisational incident response capability that offers advice and assistance to users of the information system for the handling and reporting of security incidents.
Incident Response Assistance Control Enhancements:
IR-7 (1) Incident Response Assistance - Automation support for availability of information / support
The organisation employs automated mechanisms to increase the availability of incident response-related information and support.
Supplemental Guidance: Automated mechanisms can provide a push and / or pull capability for users to obtain incident response assistance. For example, individuals might have access to a website to query the assistance capability, or conversely, the assistance capability may have the ability to proactively send information to users (general distribution or targeted) as part of increasing understanding of current response capabilities and support.
IR-7 (2) Incident Response Assistance - Coordination with external providers
The organisation:
- (a) Establishes a direct, cooperative relationship between its incident response capability and external providers of information system protection capability; and
- (b) Identifies organisational incident response team members to the external providers.
Supplemental Guidance: External providers of information system protection capability include, for example, the Crown Commercial Services within the British Government. External providers help to protect, monitor, analyse, detect, and respond to unauthorised activity within organisational information systems and networks.