2. Does a comprehensive documented business continuity and disaster recovery plan (DRP) exist?
10.3. Is the plan exercised annually for training and test purposes?
Setting Priorities in Your Security Program 97
11. Incident handling
11.1. Has an incident response (IR) process been documented?
11.2. Have key personnel been trained on this process?
11.3. Are there regular drills to reinforce the training?
11.4. Are outcomes and lessons learned from previous incidents used to improve the process?
11.5. Has management provided clear direction as to involvement of law enforcement on incidents?
11.6. Is there adequate technical expertise available either in-house or on contract for forensic analysis?
12. Training and awareness
12.1. Is there an employee security awareness program in place?
12.2. Do employees understand their roles and responsibilities in helping to maintain the security of the organization and protect its information assets?
Characteristics of Security Program Maturity
The following sections describe characteristics of security programs at each of the four levels of maturity defined in this chapter. Note that organizations will not typically exhibit all of the characteristics within a given level. Instead, they may be more advanced in some areas and less advanced in others, depending on which areas have been emphasized up to that point in time.
Maturity Level 1
At this level, there is really no security "program" to speak of.