4.4

Mitigation (4.4): Strategic activities are performed to prevent further escalation of a security incident, and measures are taken to mitigate and eliminate the threat.

Metric

Met4.4

4.4.1

RS.MI-1: Are incidents in the cloud contained when they occur, as per previous reports?

HIGH

· ISA 62443-2-1:2009 4.3.4.5.6

· ISA 62443-3-3:2013 SR 5.1, SR 5.2, SR 5.4

· ISO/IEC 27001:2013 A.16.1.5

· NIST SP 800-53 Rev. 4 IR-4

Cloud Provider

Sub Metric

Met4.4.1

4.4.2

RS.MI-2: Are incidents in the cloud mitigated when they occur, as per previous reports?

HIGH

· ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.10

· ISO/IEC 27001:2013 A.12.2.1, A.16.1.5

· NIST SP 800-53 Rev. 4 IR-4

Cloud Provider

Sub Metric

Met4.4.2

4.4.3

RS.MI-3: Are any new vulnerabilities mitigated or documented as accepted risks?

HIGH

· ISO/IEC 27001:2013 A.12.6.1

· NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5

Cloud Provider

Sub Metric

Met4.4.3

4.5

Improvements (4.5): SME’s response activities are improved by incorporating lessons learned from current and previous detection/response activities.

Metric

Met4.5

4.5.1

RS.IM-1: Are response plans updated to include lessons learned?

LOW

· COBIT 5 BAI01.13

· ISA 62443-2-1:2009 4.3.4.5.10, 4.4.3.4

· ISO/IEC 27001:2013 A.16.1.6

· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Cloud Provider/Admin

Sub Metric

Met4.5.1

4.5.2

RS.IM-2: Are response strategies updated accordingly?

LOW

· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Cloud Provider/Admin

Sub Metric

Met4.5.2

5

RECOVER FROM BREACHES IN THE CLOUD

Group Metric

Met5

5.1

Recovery Planning (5.1): Recovery procedures and techniques are performed and continued to ensure apt restoration of IT systems or assets that may be affected by security events.

Metric

Met5.1

5.1.1

RC.RP-1: Is the recovery plan effected in case of an event?

MEDIUM

· CCS CSC 8

· COBIT 5 DSS02.05, DSS03.04

· ISO/IEC 27001:2013 A.16.1.5

· NIST SP 800-53 Rev. 4 CP-10, IR-4, IR-8

Cloud Provider

Sub Metric

Met5.1.1

5.2

Improvements (5.2): Recovery planning and techniques are continuously upgraded by including lessons learned.

Metric

Met5.2

5.2.1

RC.IM-1: Do all recovery documents include lessons learned?

LOW

· COBIT 5 BAI05.07

· ISA 62443-2-1 4.4.3.4

· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Cloud Provider/Admin

Sub Metric

Met5.2.1

5.2.2

RC.IM-2: Are all the recovery strategies updated?

LOW

· COBIT 5 BAI07.08

· NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8

Cloud Provider/Admin

Sub Metric

Met5.2.2

5.3

Communications (5.3): Restoration activities are coordinated with the SMEs.

Metric

Met5.3

5.3.3

RC.CO-3: Restoration accomplishments are communicated to SME teams.

MEDIUM

· NIST SP 800-53 Rev. 4 CP-2, IR-4

Cloud Provider

Sub Metric

Met5.3.3