Prepare for an Incident

(Back)

Objective

Establish an incident management plan, with clearly defined actions, roles and responsibilities, to ensure that cyber security incidents are contained, eradicated and recovered from in a timely manner.

Description

• Develop a departmental cyber security event management plan (CSEMP) with clear roles and responsibilities, in alignment with the Government of Canada Cyber Security Event Management Plan.
• Test the departmental CSEMP at regular intervals:
  • It is strongly advised to test the CSEMP annually.
• Maintain an up-to-date list of internal and external contacts for ransomware attacks, including law enforcement.

References

TBS

1. Policy on Service and Digital (4.4.2.7)
2. DSD (4.4.4.2, 4.4.4.3)
3. DSM Appendix B (B.2.3.10)
4. DSM Appendix D (D.2.2.3)
5. DSM Appendix G (G.2.2)
6. GC CSEMP, and
7. Department Cyber Security Event Management Plan (CSEMP) Template

CCCS

1. Developing your incident response plan (ITSAP.40.003), and
2. Ransomware Playbook (ITSM.00.099) (3.1.2.5)

Related Security Controls (ITSG-33)

IR-4, IR-4(1), IR-4(3)