ID.IM.02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties

Implementation Examples

Ex1: Identify improvements for future incident response activities based on findings from incident response assessments (e.g., tabletop exercises and simulations, tests, internal reviews, independent audits)

Ex2: Identify improvements for future business continuity, disaster recovery, and incident response activities based on exercises performed in coordination with critical service providers and product suppliers

Ex3: Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate

Ex4: Perform penetration testing to identify opportunities to improve the security posture of selected high-risk systems as approved by leadership

Ex5: Exercise contingency plans for responding to and recovering from the discovery that products or services did not originate with the contracted supplier or partner or were altered before receipt

Ex6: Collect and analyze performance metrics using security tools and services to inform improvements to the cybersecurity program