All security incidents are addressed in a consistent manner to improve security based on what has happened.
In the incident treatment process:
The organization shall define procedures for clearly sorting detected security events. Sorting must enable the prioritizing of events according to severity and potential impact.
Sorting is intended to enhance the investigation and evaluation of security events so that, for example, a response to a disruption can be initiated quickly.
Procedures can consist of common processes, technical tools, or algorithms that utilize machine learning. Procedures need to be reviewed regularly to ensure that they work and are appropriate for their needs.