4.4 | Mitigation (4.4): Strategic activities are performed to prevent further escalation of a security incident, and measures are taken to mitigate and eliminate the threat. | | | | Metric | Met4.4 |
4.4.1 | RS.MI-1: Are incidents in the cloud contained when they occur, as per previous reports? | HIGH | · ISA 62443-2-1:2009 4.3.4.5.6 · ISA 62443-3-3:2013 SR 5.1, SR 5.2, SR 5.4 · ISO/IEC 27001:2013 A.16.1.5 · NIST SP 800-53 Rev. 4 IR-4 | Cloud Provider | Sub Metric | Met4.4.1 |
4.4.2 | RS.MI-2: Are incidents in the cloud mitigated when they occur, as per previous reports? | HIGH | · ISA 62443-2-1:2009 4.3.4.5.6, 4.3.4.5.10 · ISO/IEC 27001:2013 A.12.2.1, A.16.1.5 · NIST SP 800-53 Rev. 4 IR-4 | Cloud Provider | Sub Metric | Met4.4.2 |
4.4.3 | RS.MI-3: Are any new vulnerabilities mitigated or documented as accepted risks? | HIGH | · ISO/IEC 27001:2013 A.12.6.1 · NIST SP 800-53 Rev. 4 CA-7, RA-3, RA-5 | Cloud Provider | Sub Metric | Met4.4.3 |
4.5 | Improvements (4.5): SME’s response activities are improved by incorporating lessons learned from current and previous detection/response activities. | | | | Metric | Met4.5 |
4.5.1 | RS.IM-1: Are response plans updated to include lessons learned? | LOW | · COBIT 5 BAI01.13 · ISA 62443-2-1:2009 4.3.4.5.10, 4.4.3.4 · ISO/IEC 27001:2013 A.16.1.6 · NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8 | Cloud Provider/ Admin | Sub Metric | Met4.5.1 |
4.5.2 | RS.IM-2: Are response strategies updated accordingly? | LOW | · NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8 | Cloud Provider/ Admin | Sub Metric | Met4.5.2 |
5 | RECOVER FROM BREACHES IN THE CLOUD | | | | Group Metric | Met5 |
5.1 | Recovery Planning (5.1): Recovery procedures and techniques are performed and continued to ensure apt restoration of IT systems or assets that may be affected by security events. | | | | Metric | Met5.1 |
5.1.1 | RC.RP-1: Is the recovery plan effected in case of an event? | MEDIUM | · CCS CSC 8 · COBIT 5 DSS02.05, DSS03.04 · ISO/IEC 27001:2013 A.16.1.5 · NIST SP 800-53 Rev. 4 CP-10, IR-4, IR-8 | Cloud Provider | Sub Metric | Met5.1.1 |
5.2 | Improvements (5.2): Recovery planning and techniques are continuously upgraded by including lessons learned. | | | | Metric | Met5.2 |
5.2.1 | RC.IM-1: Do all recovery documents include lessons learned? | LOW | · COBIT 5 BAI05.07 · ISA 62443-2-1 4.4.3.4 · NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8 | Cloud Provider/ Admin | Sub Metric | Met5.2.1 |
5.2.2 | RC.IM-2: Are all the recovery strategies updated? | LOW | · COBIT 5 BAI07.08 · NIST SP 800-53 Rev. 4 CP-2, IR-4, IR-8 | Cloud Provider/ Admin | Sub Metric | Met5.2.2 |
5.3 | Communications (5.3): Restoration activities are coordinated with the SMEs. | | | | Metric | Met5.3 |
5.3.3 | RC.CO-3: Restoration accomplishments are communicated to SME teams. | MEDIUM | · NIST SP 800-53 Rev. 4 CP-2, IR-4 | Cloud Provider | Sub Metric | Met5.3.3 |