The organization shall ensure that clearly designated persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.
Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.
The organization shall determine what security events it monitors and in what ways.
Security events should be monitored from a variety of sources to identify important potential incidents that require a response. Information can be obtained, for example, directly from the management system, from external partners, or from logs generated by the organization’s equipment.
Examples of security incidents that can be monitored include:
The organization has defined a process, and the team involved, for responding promptly to security incidents and deciding on the appropriate actions.
The first level response process includes at least: