Risk: Unmonitored systems and lack of incident response plans may result in delayed or ineffective responses to breaches or failures.
Control:
Develop and maintain an Incident Response Plan covering detection, containment, eradication, recovery, and lessons learned.
Implement monitoring dashboards and alerts for suspicious activities (e.g., unauthorised access, transaction failures).
Conduct regular incident response drills.
NIST CSF Alignment:
RS.RP-1arrow-up-right: Response planning
RS.CO-1arrow-up-right: Response coordination with stakeholders
RC.IM-1arrow-up-right: Recovery and improvement after incidents
FCA Compliance:
SYSC 3arrow-up-right & 13arrow-up-right: Effective incident management and reporting
FG 16/5arrow-up-right: Proactive monitoring and breach notification processes
Last updated 7 months ago