Elements and Performance Criteria
- Develop the incident response program
  - Develop the incident management policy
  - Identify the services the incident response team should provide
  - Create incident response plans according to security policy and organisational goals
  - Develop procedures for incident handling and reporting
  - Create incident response exercises and red-teaming activities
  - Develop specific processes for collecting and protecting forensic evidence during incident response
  - Specify incident response staffing and training requirements
  - Establish the response program
- Implement the incident response program
  - Apply response actions in reaction to security incidents according to established policy, plans and procedures
  - Respond to and report incidents
  - Assist in collecting, processing and preserving evidence according to requirements
  - Execute incident response plans
  - Execute red-teaming activities and incident response exercises
  - Ensure lessons learned from incidents are collected in a timely manner and are incorporated into review plans
  - Collect, analyse and report incident management measures
- Evaluate the incident response program
  - Assess efficiency and effectiveness of incident response program activities and implement changes as required
  - Examine effectiveness of red teaming and incident response tests, training and exercises
  - Assess effectiveness of communication between incident response team and related internal and external organisations, implementing changes where appropriate
  - Identify and implement improvements based on assessments of effectiveness