Follow-up analysis for security incidents

Critical
High
Normal
Low

If it is difficult to identify the source of a security incident based on the primary treatment, a separate follow-up analysis is performed for the incident, in which the root cause is sought to be identified.

Connected other frameworks and requirements:
16.1.6: Learning from information security incidents
ISO 27001
ID.RA-4: Impacts on business
NIST CSF
DE.DP-5: Detection processes improvment
NIST CSF
RS.AN-2: The impact of the incident
NIST CSF
RS.IM-1: Response plans
NIST CSF

Regular periodic analysis and learning of incidents

Critical
High
Normal
Low

The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.

The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.

If recurrent incidents requiring response are identified, based on them:

  • new management tasks are created or current ones expanded
  • security guidelines in this area are refined or extended
  • a case example of the incident is created that is used to train staff to respond to or avoid similar incidents
Connected other frameworks and requirements:
16.1.6: Learning from information security incidents
ISO 27001
PR.IP-7: Protection processes
NIST CSF
PR.IP-8: Protection effectiveness
NIST CSF
DE.DP-5: Detection processes improvment
NIST CSF
RS.AN-2: The impact of the incident
NIST CSF

Communicating the results of cyber security incident analysis

Critical
High
Normal
Low

The organization has defined procedures to ensure that the original reporter and other personnel involved in the incident are informed of the outcome of the incident management.

Linked personnel can be documented on an optional field on the incident documentation template.

Connected other frameworks and requirements:
16.1.6: Learning from information security incidents
ISO 27001
PR.IP-8: Protection effectiveness
NIST CSF
DE.DP-4: Event detection
NIST CSF
5.27: Learning from information security incidents
ISO 27001
No items found.