SEF-06: Event Triage Processes

Control Statement

Define, implement and evaluate processes, procedures and technical measures supporting business processes to triage security-related events.

Implementation Guidance

Processes, procedures, and technical measures should be defined and implemented to support the investigation and evaluation of security-related events so that the organization can prioritize events by severity and impact. The objective of these measures is to prioritize the timely analysis of event information and rapid engagement of the incident response process. Methodologies—including processes, tools, or machine learning algorithms used in incident handling—should be reviewed periodically for efficacy and accuracy in the current operating environment.

Auditing Guidance

  1. Verify whether operational processes exist that help the organization prepare for, identify, detect, protect, respond to and recover from information security incidents in a step-by-step manner.
  2. Verify whether the tools that support these organizational procedures to triage security-related events complement the ability of the teams to detect, review, monitor and quickly decide upon the context and the possible impact of the incident as it happens and over time.

[Note: For more information on the Cloud Controls Matrix, visit the CSA Cloud Controls Matrix Homepage.]

Cloud Controls Matrix is Copyright 2023 Cloud Security Alliance.