A person(s) must be formally assigned the responsibility to create and distribute security incident response and procedures to the personnel.
Area Responsible : Information Dynamics
Manager : Soundar / Shaik
Security Team : Sankar / Linda
CAUTION : No staff member, except the designated Information Security personal has authority to discuss any security incident with any person(s) outside Information Dynamics.
10. Incident Response Plan Coverage
The response plan must include at a minimum the following
• Roles, responsibilities, communication strategies in event a compromise.
• Coverage and responses for all critical system components.
• Notification, at a minimum, credit and acquirers.
• for business continuity post reference or of response procedures card associations.
• of legal for reporting compromises.
• Data and of Critical systems
11. Incident Response Mechanism
The incident response plan must define an incident escalation process. It should pre-define the personnel responsible for immediate incident response and the persons to whom the incident should be escalated incase of incident remaining unresolved.
[ Reference : Section7. Incident Response Process]
12. Testing of Incident Response Plan
The incident response plan must be tested at least once annually. All testing results must be documented and the incident response plan must be changed depending on the testing results.
[ Reference : Doc - <Security Incident Test Plan Procedure_v1]