COURSE OUTLINE
INFORMATION SECURITY INCIDENT MANAGEMENT
- Establish and maintain an organizational definition of, and severity hierarchy for, information security incidents to allow accurate identification of and response to incidents.
- Establish and maintain an incident response plan to ensure an effective and timely response to information security incidents.
- Develop and implement processes to ensure the timely identification of information security incidents.
- Establish and maintain processes to investigate and document information security incidents to be able to respond appropriately and determine their causes while adhering to legal, regulatory and organizational requirements.
- Establish and maintain incident escalation and notification processes to ensure that the appropriate stakeholders are involved in incident response management.
- Organize, train and equip teams to effectively respond to information security incidents in a timely manner.
- Test and review the incident response plan periodically to ensure an effective response to information security incidents and to improve response capabilities.
- Establish and maintain communication plans and processes to manage communication with internal and external entities.
- Conduct post-incident reviews to determine the root cause of information security incidents, develop corrective actions, reassess risk, evaluate response effectiveness and take appropriate remedial actions.
- Establish and maintain integration among the incident response plan, disaster recovery plan and business continuity plan.
