RS.MA - Incident Management: Contribute case study test steps and artifacts #46
Description
Description:
Help us develop assessment materials for RS.MA - Incident Management, a core RESPOND category.
About This Category
Incident Management covers:
- Incident response plan execution
- Incident triage and validation
- Incident categorization and prioritization
- Incident escalation procedures
- Incident recovery criteria
- Incident tracking and status reporting
Alma Security Context: Alma Security is implementing an Incident Response Enhancement project (Priority High, May-September 2026) to develop and implement a 24/7 incident response team. Current gaps include not having round-the-clock incident management capability. SOC tickets (1001, 1004, 1005) provide realistic incident examples requiring management.
What We Need
-
Test Procedures - Assessment steps for incident management:
- Incident response plan completeness review
- Incident reporting process validation
- Triage and validation procedures
- Categorization and prioritization criteria
- Escalation path validation
- Incident tracking system review
- Status reporting and communication
- Incident closure procedures
-
Assessment Artifacts - Supporting documentation:
- Incident Response Plan
- Incident Response Procedures
- Incident Categories and Severity Definitions
- Escalation Matrix and Procedures
- Sample Incident Tickets (SOC 1001, 1004, 1005)
- Incident Tracking System Configuration
- Status Reporting Examples
- Interview notes with incident management team
-
Implementation Description - Alma's incident management program
Submission Guidelines
- Reference CSF subcategories RS.MA-01 through RS.MA-05
- Use SOC incidents as realistic examples
- Address 24/7 incident response gap
- Show incident categorization and triage
- Include escalation and management procedures
- Format as Markdown