Security incident management
Security incident management is the process of identifying, reporting, analyzing and managing security incidents or breaches that occur in an institution. Key guidelines for government institutions in managing security incidents include:
- Prepare for handling incidents [Mandatory] - This includes defining a security incident management plan and guidance on how incidents are detected, reported, assessed, and responded to within the institution
- Roles and responsibilities [Mandatory] - Define roles and responsibilities for security incident management. All employees, contractors, and third-party users should be made aware of their responsibility to report any information security incidents and/or weaknesses in systems or services.
- Identify and report incidents [Mandatory] - Identify potential security incidents through monitoring and ensure there are mechanisms for reporting all incidents.
- Incident classification [Mandatory] - Establish a severity level system to classify incidents based on their impact and urgency, such as critical, major, and minor.
- Incident escalation [Mandatory] - Define an escalation process that outlines who should be notified when an incident occurs, who should take over if the first responder is not available or needs assistance, and how the handoff should happen. Provide clear criteria for when an incident should be escalated to the next level, such as based on the severity level, duration, scope, or complexity of the incident.
- Incident response [Mandatory] - Assess identified incidents to determine the appropriate next steps for mitigating the risk. Respond to incidents by containing, investigating, and resolving them. Perform a post-incident analysis to learn and document key lessons from every incident.