If it is difficult to identify the source of a security incident based on the primary treatment, a separate follow-up analysis is performed for the incident, in which the root cause is sought to be identified.
The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.
The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.
If recurrent incidents requiring response are identified, based on them: