12.10.4 Provide appropriate training to staff with security breach response responsibilities

12.10.4 Provide appropriate training to staff with security breach response responsibilities.

12.10.4 Verify through observation, review of policies, and interviews of responsible personnel that staff with responsibilities for security breach response are periodically trained.

Without a trained and readily available incident response team, extended damage to the network could occur, and critical data and systems may become “polluted” by inappropriate handling of the targeted systems. This can hinder the success of a post-incident investigation.