SEC 10. How do you anticipate, respond to, and recover from incidents?
Even with mature preventive and detective controls, your organization should implement mechanisms to respond to security incidents and mitigate their potential impact. Your preparation strongly affects how effectively your teams can operate during an incident: isolating and containing affected resources, performing forensics on them, and restoring operations to a known good state. Putting the necessary tools and access in place ahead of a security incident, then routinely practicing incident response through game days, helps ensure that you can recover while minimizing business disruption.
Best practices
- SEC10-BP01 Identify key personnel and external resources
- SEC10-BP02 Develop incident management plans
- SEC10-BP03 Prepare forensic capabilities
- SEC10-BP04 Develop and test security incident response playbooks
- SEC10-BP05 Pre-provision access
- SEC10-BP06 Pre-deploy tools
- SEC10-BP07 Run simulations
- SEC10-BP08 Establish a framework for learning from incidents