An Introduction To
Information, Network and Internet Security


Management of information security incidents and improvements

Objective: To ensure a consistent and effective approach is applied to the management of information security incidents.

Responsibilities and procedures should be in place in the organisation to address the management of information security incidents.

Responsibilities and procedures

Management responsibilities for dealing with information security incidents should be known and documented. The associated procedures will cover handling and containing any information security incident in a timely and efficient manner, from report to resolution.

Learning from information security incidents

Mechanisms should be in place for monitoring and analysing the types, volumes, and costs of incidents. The results from this process should be used for reviewing the Information Security Policy and for user awareness.

Collection of evidence

Evidence used in either civil or criminal action must conform to the relevant rules for presentation of evidence for the jurisdiction in which the action is taking place.



The Security Practitioner
