Applicable

(Y)es / (N)o

(C)onfidentiality

(I)ntegrity

(A)vailability

RPN

(C+I+A)

(S)atisfactory

L1

M2

H3

L1

M2

H3

L1

M2

H3

(O)ther than satisfactory +##

ir-2

incident response training  

assessment objective:

Determine if the organization:

ir-2(a)    

ir-2(a)[1]

defines a time period within which incident response training is to be provided to information system users assuming an incident response role or responsibility;

ir-2(a)[2]

provides incident response training to information system users consistent with assigned roles and responsibilities within the organization-defined time period of assuming an incident response role or responsibility;

ir-2(b)    

provides incident response training to information system users consistent with assigned roles and responsibilities when required by information system changes;

ir-2(c)    

ir-2(c)[1]

defines the frequency to provide refresher incident response training to information system users consistent with assigned roles or responsibilities; and

ir-2(c)[2]

after the initial incident response training, provides refresher incident response training to information system users consistent with assigned roles and responsibilities in accordance with the organization-defined frequency to provide refresher training.

potential assessment methods and objects:

Examine: [select from: Incident response policy; procedures addressing incident response training; incident response training curriculum; incident response training materials; security plan; incident response plan; security plan; incident response training records; other relevant documents or records].

Interview: [select from: Organizational personnel with incident response training and operational responsibilities; organizational personnel with information security responsibilities].