CIS Control 17 focuses on the inevitability of data breaches and the necessity of being prepared for incident response. The key takeaways include the recommendation to use the control as a high-level overview and delve deeper into the topic with other guides like the CREST Cyber Security Incident Response Guide. Planning and communication are highlighted as crucial elements in responding to incidents, with an emphasis on limiting the duration attackers have access to systems
The document outlines safeguards such as designating personnel for incident handling, establishing contact information for reporting incidents, and defining incident response processes. It also stresses the importance of conducting routine incident response exercises, post-incident reviews, and setting security incident thresholds. By following these guidelines, organizations can enhance their incident response capabilities and protect their data from cyber threats. https://www.tripwire.com/state-of-security/cis-control-17