Description
The process for testing the effectiveness of the incident response capabilities.
Applicability
-
This Control applies to the university Chief Information Security Officer.
Implementation
-
1
The Incident Response Plan shall be tested, at least annually, with tabletop exercises or other means to review and refine incident response procedures.
-
2
Annual testing shall identify lessons learned for continuous improvement of incident response procedures.