Network Trace
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

02) Does your organisation's Incident Response Plan allow for the classification of information security events?

January 30, 2023
Business Resilience
Incident Response Plan
Classification of Events

Answer yes if your organisation's Incident Response Plan contains a section for classifying information security events. Please reference the section of any previously provided plan in the notes.

An Incident Response Plan (IRP) is a crucial document that outlines the operational steps that must be taken when an unexpected or disruptive event occurs. The plan can be invoked for both security and non-security incidents and should be an organic and operational document used to restore service and co-ordinate a response.

A good IRP will categorise incidents based on the cause of the incident and the severity of its impact. For example, a security incident involving confidential data disclosure may require a different response when compared with an operational incident that causes a temporary service disruption.

Security incidents are classified with a severity rating. Severity is usually indicated with P (priority) notation, with a P1 incident being the highest severity, requiring maximum escalation to executive management and a formal co-ordinated response.

How to implement the control

Ensure your plan has a method for categorising the type and priority of any incidents that cause the plan to be invoked. It can help to have a security consultant review your company's incident response plan to ratify its robustness.

If you would like to contribute to this article or provide feedback, please email Contributors will be recognised on our contributors page.

Pattern Trapezoid Mesh

Defend against supply chain attacks with Defend-As-One.

No organisation is an island.