Häiriöön vastaamissuunnitelman kehittäminen kriittisille tietojärjestelmille


The organization shall establish a incident response plan for security incidents to critical information systems. Response plans should also be tested by the necessary organizational elements. The plan should take into account at least:

  • The purpose of the information system and the precautions to be taken in the event of its disruption
  • Recovery plans, targets, and priorities for the order of recovery of assets
  • The role of implementing the response plans and the contact details of the persons assigned to the roles
  •  Continuation of normal operations regardless of the state of the information systems.
  • Distribution, approval and review of response plans

In addition, the plan should at least:

  • Establish a roadmap for developing disruption management capacity
  • Describe the structure and organization of incident management capability
  • Provides metrics to measure incident management capability
Liittyvät muut vaatimuskehikot ja vaatimukset:
RS.RP: Response Planning
RS.RP-1: Incident response plan
No items found.