CCI-000829

Correlate incident information and individual incident responses to achieve an organization-wide perspective on incident awareness and response.

Implementation Guidance

Determine if incident information and individual incident responses are correlated to achieve an organization-wide perspective on incident awareness and response

Validation Procedures

Examine: [SELECT FROM: Incident response policy; procedures addressing incident handling; incident response plan; privacy plan; mechanisms supporting incident and event correlation; system design documentation; system configuration settings and associated documentation; system security plan; privacy plan; incident management correlation logs; event management correlation logs; security information and event management logs; incident management correlation reports; event management correlation reports; security information and event management reports; audit records; other relevant documents or records]. Interview: [SELECT FROM: Organizational personnel with incident handling responsibilities; organizational personnel with information security and privacy responsibilities; organizational personnel with whom incident information and individual incident responses are to be correlated]. Test: [SELECT FROM: Organizational processes for correlating incident information and individual incident responses; mechanisms that support and or implement the correlation of incident response information with individual incident responses].

The controls below (if any) were marked by NIST as being related to CCI-000829.