Cybersecurity incident responses leverage and trigger predefined states of operation (SITUATION-3g)
Context and Guidance: Effective response requires detailed, in-advance planning for a range of potential threats and incidents. SITUATION-3g defines “predefined states of operation” and describes how they can be used to ensure responses are specific, measured, and appropriate for the level of operational impact of the incident. A typical example of this approach is to have a plan for minimising network usage to critical systems in the case of degraded network service. Another example is having a game plan ready to shift to a known good state if it becomes apparent that your critical operational data has been corrupted.
Related Practices • Dependency: Implementing this practice depends upon prior implementation of SITUATION-3g. • Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-3b, RESPONSE-3e, RESPONSE-3h, RESPONSE-3i, RESPONSE-3l.