Incident Response Management: IR Handling

Security Domain

CIS Control 17 – Incident Response Management
NIST CSF – Response: Incident Management (RS.MA), Incident Analysis (RS.AN), Incident Response Reporting and Communication (RS.CO), Incident Management (RS.MI)
NIST 800-53 – Incident Response

What Is Incident Response?

Incident Response is the collective effort taken by an organization to minimize damage, reduce downtime, and restore normal operations as quickly as possible after an incident occurs. Overall, this effort helps create, provision, and operate an organization’s incident response capability. NCDPI divides this process into two parts to clarify the required actions and responsibilities: Incident Response Capability Planning and Incident Response Handling.

Incident Response Handling

Incident Response Handling focuses on the actions and efforts required to effectively respond to an incident after it has been confirmed. This includes coordinating among local, state, and federal partners and assisting PSUs in performing the technical and business recovery steps.

Service Description

Provide cyber security assistance to State, Local, and Critical Infrastructure providers

The state provides subject matter experts, resources, and assistance in various forms, ranging from consultation and guidance to deployment of the N.C. Joint Cyber Security Task Force to assist as needed. Incidents should be reported even if your agency is not requesting assistance.

Product

NCDIT Cyber Incident Management via N.C. Joint Cyber Security Task Force

Key Benefits

Incident response – This includes conducting forensics to identify root cause, damage assessment and mitigation, and coordination with law enforcement activities as needed. It also includes sharing indicators of compromise.
Recovery response – This effort could include establishing best-practice recovery methods, system hardening, restoration of services, and infrastructure rebuild.

Context Note

Please keep in mind that not every incident necessitates a full-scale response from a group as robust as the NCJCTF. Depending on the impact and severity of the incident, an appropriate response could be to reach out to NCDPI, MCNC, Friday Institute, and/or any of the other proactive-oriented organizations. If you are not sure what level of response is appropriate, we recommend reaching out to the JCTF to start.

Cost to PSUs

No cost – funded by NCDIT

PSU Time Commitment

Upfront/Setup: N/A
Ongoing: Varies depending on the severity of the cyber incident

How to get this service

Report cybersecurity incidents to the N.C. Joint Cyber Security Task Force by contacting the N.C. Emergency Management 24-Hour Watch Center at NCEOC@ncdps.gov or 1-800-858-0368.

Key Resources