Incident Management
Manage security-related incidents and near incidents. Develop and train incident response teams to identify and limit exposure, manage communications, and coordinate with regulatory bodies as appropriate.
Improvement Planning
Practices-Outcomes-Metrics (POM)
Representative POMs are described for Incident Management at each level of maturity.
- Level 1: Initial
  - Practice
    - Prioritize steps to manage security incidents.
  - Outcome
    - Security event handling follows high-level steps.
  - Metrics
    - # Prioritization documents
    - # Staff aware of these documents
- Level 2: Basic
  - Practice
    - Develop basic security incident management handling processes within IT. Log and track all security-related incidents to closure.
  - Outcome
    - Specified security incidents can be handled effectively. Issues are not forgotten, and actions arising from security incident handling are addressed.
  - Metrics
    - # Specific incidents covered by advice provided
    - ~ Issues open/closed, by business unit
- Level 3: Intermediate
  - Practice
    - Prioritize and manage security incidents based on the urgency to restore services. Record security incidents and incident handling actions in IT and some business units.
  - Outcome
    - Business recovery priorities are facilitated in recovery and incident management. Historical data is built up, enabling lessons to be learnt from the past.
  - Metrics
    - # Business units that have contributed to the prioritization exercise
    - # Business units not contributing to business continuity planning
    - # Incidents and time since last historical review
- Level 4: Advanced
  - Practice
    - Root-cause analyse any serious or recurring incidents to ensure corrective actions can be identified and implemented organization-wide. Record and track business continuity incidents organization-wide.
  - Outcome
    - Serious incidents are prevented or mitigated in the future. Recurring issues are eliminated or mitigated. Business continuity issues are logged and tracked to closure organization-wide.
  - Metrics
    - # Serious issues and % resolved
    - # Recurring issues stopped
    - ~ Issue tracking open/closed, by business unit
- Level 5: Optimized
  - Practice
    - Proactively work to avoid business continuity issues across the business ecosystem. Use automated incident prediction systems. Effectively manage security incidents.
  - Outcome
    - Many potential business disruptions are avoided. Many security issues are warned of in advance and can be managed, e.g. industrial action at a supplier, scheduled transport or power disruptions, etc. Effectively managing security incidents can greatly reduce the impact of such incidents.
  - Metrics
    - # Issues or near incidents effectively managed
    - % System-identified potential issues / manually identified issues
    - # Systemically identified issues
    - # Manually identified issues
    - # Unforeseen or unanticipated major incidents