Phase 4: CAF-D

Minimising the impact of any cyber incidents.

CAF D1

Response and Recovery

OESs should be able to demonstrate a measurable well-defined and practiced method for incident management, designed to minimise the risk and length of a critical service failure. This should include an incident response plan, response and containment, and mitigation of physical failures.
In addition to digital restoration systems, such as air-gapped backups, the resilience of physical systems must also be taken into account, which means infrastructure should be designed with an appropriate level of redundancy inherent in the design, with no single points of failure.

CAF D2

Lessons Learnt

All incidents must be comprehensively documented and used to drive iterative improvement. This requires informed reporting, transparency, and clear roles, responsibilities, and training. The outcome should be actionable improvements that accommodate all relevant organisational, technical, and human factors.