The organisation should plan and prepare for managing information security incidents by defining, establishing and communicating information security incident management processes, roles and responsibilities.
Incident management is one of the most vital processes in an organisation's information security management system.
An incident management procedure is one of the most critical aspects of an Information Security Management System. Without a proper incident management plan, an organisation would encounter severe challenges if an incident occurred. From the control requirements, it is clear that this control needs to be well-defined, established and communicated with responsible people identified. Reasonably, when an organisation has a clear definition of an incident, if the same or similar incident happens, people accountable in the organisation should know what to do next. Therefore, a proper, well-structured incident management document is a must for an organisation. Moreover, it is not only about having an incident management document, but it is essential to practice and ensure the document is battlefield tested.
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!
Got a question or need help? Don't hesitate to reach out to our team.