Description
The organization trains personnel in their incident response roles and responsibilities with respect to the information system and provides refresher training [Assignment: organization- defined frequency, at least annually].\n
Supplemental Guidance
None.\n
Changes from Rev 4
Adds 'or acquiring system access' to text New text requires review and update incident response training content at a specified frequency and following specified events Discussion includes examples of events that may precipitate an update to incident response training content
Enhancements
\n
Compliance Mappings
ISO 27002:2022
5.29
ISO 17799 (legacy)
13.1.1
COBIT 4.1 (legacy)
None.