Description

The process for testing the effectiveness of the incident response capabilities.

Applicability

  • This Control applies to the university Chief Information Security Officer.

Implementation

  • 1

    The Incident Response Plan shall be tested, at least annually, with tabletop exercises or other means to review and refine incident response procedures.

  • 2

    Annual testing shall identify lessons learned for continuous improvement of incident response procedures.