Automate Security Responses & Incident Remediation

This standard mandates the automation of security responses and incident remediation to reduce the impact of security incidents with automated defences.

1. Automate Security Responses & Incident Remediation:

Reduce the impact of security incidents with automated defences. This approach ensures rapid and consistent incident response.

• 1.1 Automated Policy Enforcement:
  • 1.1.1 Security Violation Handling:
    • Implement automated policy enforcement for security violations.
    • Automate the configuration of policy enforcement rules.
  • 1.1.2 Enforcement Management:
    • Automate the tracking of policy enforcement actions.
    • Implement enforcement tutorials.
• 1.2 Security Orchestration, Automation, and Response (SOAR):
  • 1.2.1 Real-Time Response Triggering:
    • Use SOAR (Security Orchestration, Automation, and Response) to trigger real-time responses.
    • Automate the configuration of SOAR tools.
  • 1.2.2 Response Management:
    • Automate the execution of SOAR responses.
    • Implement response feedback collection.
• 1.3 Automatic Quarantine:
  • 1.3.1 Compromised Device Handling:
    • Apply automatic quarantine of compromised devices or user accounts.
    • Automate the quarantine process.
  • 1.3.2 Quarantine Management:
    • Automate the tracking of quarantined devices.
    • Implement quarantine tutorials.

By automating security responses, organisations can reduce the impact of security incidents.

---