All security incidents are addressed in a consistent manner to improve security based on what has happened.
In the incident treatment process:
Organization assesses cyber security risks by responding to situations where security has been mildly or severely compromised. The documentation shall include at least the following:
If it is difficult to identify the source of a security incident based on the primary treatment, a separate follow-up analysis is performed for the incident, in which the root cause is sought to be identified.
The knowledge gained from analyzing and resolving security incidents should be used to reduce the likelihood of future incidents and their impact.
The organization regularly analyzes incidents as a whole. This process examines the type, amount and cost of incidents with the aim of identifying recurrent and significant incidents that need more action.
If recurrent incidents requiring response are identified, based on them: