17.7: Conduct Routine Incident Response Exercises

CSF v1.1 References:

PF v1.0 References:

Group:

Previous Version:

Control Statement

Plan and conduct routine incident response exercises and scenarios for key personnel involved in the incident response process to prepare for responding to real-world incidents. Exercises need to test communication channels, decision making, and workflows. Conduct testing on an annual basis, at a minimum.

[csf.tools Note: For more information on the Critical Security Controls, visit the Center for Internet Security.]