IRO — Incident Response
41 controls in the Incident Response domain
IRO-01Incident Response Operations
IRO-02Incident Handling
IRO-02.1Automated Incident Handling Processes
IRO-02.2Insider Threat Response Capability
IRO-02.3Dynamic Reconfiguration
IRO-02.4Incident Classification & Prioritization
IRO-02.5Correlation with External Organizations
IRO-02.6Automatic Disabling of Technology Assets, Applications and/or Services (TAAS)
IRO-03Indicators of Compromise (IOC)
IRO-04Incident Response Plan (IRP)
IRO-04.1Data Breach
IRO-04.2IRP Update
IRO-04.3Continuous Incident Response Improvements
IRO-05Incident Response Training
IRO-05.1Simulated Incidents
IRO-05.2Automated Incident Response Training Environments
IRO-06Incident Response Testing
IRO-06.1Coordination with Related Plans
IRO-07Integrated Security Incident Response Team (ISIRT)
IRO-08Chain of Custody & Forensics
IRO-09Situational Awareness For Incidents
IRO-09.1Automated Tracking, Data Collection & Analysis
IRO-09.2Recurring Incident Analysis
IRO-10Incident Stakeholder Reporting
IRO-10.1Automated Reporting
IRO-10.2Cyber Incident Reporting for Sensitive / Regulated Data
IRO-10.3Vulnerabilities Related To Incidents
IRO-10.4Supply Chain Coordination
IRO-10.5Serious Incident Reporting
IRO-11Incident Reporting Assistance
IRO-11.1Automation Support of Availability of Information / Support
IRO-11.2Coordination With External Providers
IRO-12Sensitive / Regulated Data Spill Response
IRO-12.1Sensitive / Regulated Data Spill Responsible Personnel
IRO-12.2Sensitive / Regulated Data Spill Training
IRO-12.3Post-Sensitive / Regulated Data Spill Operations
IRO-12.4Sensitive / Regulated Data Exposure to Unauthorized Personnel
IRO-13Root Cause Analysis (RCA) & Lessons Learned
IRO-14Regulatory & Law Enforcement Contacts
IRO-15Detonation Chambers (Sandboxes)
IRO-16Public Relations & Reputation Repair