IVI Framework Viewer

Incident Management

E2

Manage security-related incidents and near incidents. Develop and train incident response teams to identify and limit exposure, manage communications, and coordinate with regulatory bodies as appropriate.

Improvement Planning

Practices-Outcomes-Metrics (POM)

Representative POMs are described for Incident Management at each level of maturity.

1 Initial
  • Practice
    Prioritize steps to manage security incidents.
    Outcome
    Security event handling follows high level steps.
    Metric
    # Prioritization documents; # Staff aware of these documents
2 Basic
  • Practice
    Develop basic security incident management handling processes within IT. Log and track all security-related incidents to closure.
    Outcome
    Specified security incidents can be handled effectively. Issues do not get forgotten about and actions from security incident handling get addressed.
    Metric
    # Specific incidents covered by advice provided; ~ Issues open/closed, by business unit
3 Intermediate
  • Practice
    Prioritize and manage security incidents based on the urgency to restore services. Record security incidents and incident handling actions in IT and some business units.
    Outcome
    Business recovery priorities are facilitated in recovery and incident management. Historical data is built up and this enables lessons to be learnt from the past.
    Metric
    # Business units that have contributed to the prioritization exercise; # Business units not contributing to business continuity planning; # Incidents and time since last historical review
4 Advanced
  • Practice
    Perform root cause analysis on any serious or recurring incidents to ensure corrective actions can be identified and implemented organization-wide. Record and track business continuity incidents organization-wide.
    Outcome
    Serious incidents are prevented or mitigated in the future. Recurring issues are eliminated or mitigated. Business continuity issues are logged and tracked to closure organization-wide.
    Metric
    # Serious issues and % resolved; # Recurring issues stopped; ~ Issue tracking open/close by business unit
5 Optimized
  • Practice
    Proactively work to avoid business continuity issues across the business ecosystem. Use automated incident prediction systems. Effectively manage security incidents.
    Outcome
    Many potential business disruptions are avoided. Many security issues are warned of in advance and can be managed, e.g. industrial action at a supplier, scheduled transport or power disruptions, etc. Effectively managing security incidents can greatly reduce the impact of such incidents.
    Metric
    # Issues or near incidents effectively managed; % System identified potential issue/manually identified issues; # Systemically identified issues; # Manually identified issues; # Unforeseen or unanticipated major incidents