The Response phase of the Framework focuses primarily on resolving control failures due to deficiencies identified through the Monitoring phase or from unexpected breaches and other security incidents. In most cases control failures and breaches should be addressed by moving to the next two cycles in the Framework - assessing the risk from the failure and then identifying the appropriate adjustment to the control environment. This applies even in the heat of a major security incident. Before a reaction plan can be implemented the business needs to first dimension the loss (risk assessment) and then identify the appropriate mitigation process (control).
©2009 ISRMC, LLC