Incident Management

Part of the Cyber Maturity series of articles, this section focuses on Incident Management.

Quoting the 10 Steps to Cyber Security Guidance Sheets:

All organisations will experience an information security incident at some point. Investment in establishing effective incident management policies and processes will help to improve resilience, support business continuity, improve customer and stakeholder confidence and reduce any financial impact.

The specific recommendations are:

  • Obtain senior management approval and backing
  • Establish an incident response capability
  • Provide specialist training
  • Define the required roles and responsibilities
  • Establish a data recovery capability
  • Test the incident management plans
  • Decide what information will be shared and with whom
  • Collect and analyse post-incident evidence
  • Conduct a lessons learned review
  • Educate users and maintain their awareness
  • Report criminal incidents to Law Enforcement

What are your experiences in this area? How are you managing these controls?
Please share with the community in the comments area below.


Where is good practice referenced? Please let the community know in the comments area below.

The pages referenced in this series of blog articles are derived from the  10 Steps to Cyber Security Guidance Sheets published by BIS and GCHQ in this press release.
The documents are Crown Copyright and used here with permission under the government open license.

Please join the discussion, we welcome your views...

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: