19.4: Devise Organization-wide Standards for Reporting Incidents

Control Statement

Devise organization-wide standards for the time required for system administrators and other workforce members to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]