| Source | Azure Portal | ||||||||||||||||||||||
| Display name | Microsoft Managed Control 1353 - Incident Response Training | ||||||||||||||||||||||
| Id | c785ad59-f78f-44ad-9a7f-d1202318c748 | ||||||||||||||||||||||
| Version | 1.0.0 Details on versioning |
||||||||||||||||||||||
| Category | Regulatory Compliance Microsoft Learn |
||||||||||||||||||||||
| Description | Microsoft implements this Incident Response control | ||||||||||||||||||||||
| Additional metadata |
Name/Id: ACF1353 / Microsoft Managed Control 1353 Category: Incident Response Title: Incident Response Training - Required Timeframe Ownership: Customer, Microsoft Description: The organization provides incident response training to information system users consistent with assigned roles and responsibilities: Within as part of onboarding of assuming an incident response role or responsibility; Requirements: Microsoft provides training annually to all Azure personnel on how to recognize, respond to, and report incidents as part of the basic security awareness training provided via the Security and Privacy Foundations and STRIKE training. As documented in the Azure Incident Management SOP, incident managers ensure that all personnel, including new hires, are trained on incident handling procedures and protocols consistent with assigned roles and responsibilities. This training is comprised of on-the-job oversight by current members of the Security Response Team. The Security Response Team uses job shadowing of real incidents and red team engagements due to the centralized nature of the incident management function in Azure and the availability of job-shadowing within the Security Response Team. Live, ongoing, on-the-job training provides a more thorough and realistic incident management training environment by indoctrinating all stakeholders with the incident management procedures in real time. After a period of apprenticeship, generally around sixty days, the Security Response Team provides unaccompanied access to all necessary systems, if appropriate. While there is no specific annual refresher course in incident management, the Security Response Team is continuously trained through daily incident management activities, team meetings, and engagement with external organizations. The following roles in Azure Incident Management require specific on-boarding training: Incident Engineer, Incident Manager, Security Incident Engineer, Security Incident Manager, and Communications Manager. Part of the training replicates a real incident and walks personnel through the incident management process. Additionally, incident management tests and exercises are considered in-place training and are used to support other onsite training for new employees and other support staff with incident roles. Personnel are not made aware that they are being tested during incident management tests. As part of the service team-specific incident management procedures, each team provides additional information and training to provide an understanding of the team’s distinct responsibilities and accountabilities in support of incident management. Service teams designate incident management personnel or distribution lists as part of Service Tree configurations. |
||||||||||||||||||||||
| Mode | Indexed | ||||||||||||||||||||||
| Type | Static | ||||||||||||||||||||||
| Preview | False | ||||||||||||||||||||||
| Deprecated | False | ||||||||||||||||||||||
| Effect | Fixed audit |
||||||||||||||||||||||
| RBAC role(s) | none | ||||||||||||||||||||||
| Rule aliases | none | ||||||||||||||||||||||
| Rule resource types | IF (2) Microsoft.Resources/subscriptions Microsoft.Resources/subscriptions/resourceGroups |
||||||||||||||||||||||
| Compliance |
The following 1 compliance controls are associated with this Policy definition 'Microsoft Managed Control 1353 - Incident Response Training' (c785ad59-f78f-44ad-9a7f-d1202318c748)
| ||||||||||||||||||||||
| Initiatives usage |
|
||||||||||||||||||||||
| History | none | ||||||||||||||||||||||
| JSON compare | n/a | ||||||||||||||||||||||
| JSON |
|