All security incidents are addressed in a consistent manner to improve security based on what has happened.
In the incident treatment process:
The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.
Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.
In the event of an incident, the implementation of the response plan with stakeholders must be carried out as specified in the plan.
In the event of an incident , communication with internal and external stakeholders must be in accordance with the incident response plan.
The organization shall establish a incident response plan for security incidents to critical information systems. Response plans should also be tested by the necessary organizational elements. The plan should take into account at least:
In addition, the plan should at least:
The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.
The first level response process includes at least: