Summary
This Technical Report (TR) provides advice and guidance on information security incident management for information security managers, and information system, service and network managers.
It is essential for any organization that is serious about information security to have a structured and planned approach to:
- detect, report and assess information security incidents
- respond to information security incidents, including by the activation of appropriate safeguards for the prevention and reduction of, and recovery from, impacts (for example in the support and business continuity planning areas)
- learn from information security incidents, institute preventive safeguards, and, over time, make improvements to the overall approach to information security incident management.
Contents
Foreword
Introduction
1 Scope
2 Normative References
3 Terms and Definitions
4 Background
5 Benefits and Key Issues
6 Examples of Information Security Incidents and their Causes
7 Plan and Prepare
8 Use
9 Review
10 Improve
11 Summary
Annex A (informative) Example Information Security Event and Incident Report Forms
Annex B (informative) Example Outline Guidelines for Assessing Information Security Incidents
Bibliography