search

12: Information Security Incident Management

hashtag
This category focuses on ensuring a consistent and effective approach to managing information security incidents, including communication on security events and weaknesses. It involves planning, monitoring, and responding to incidents to minimize adverse impacts and ensure that lessons are learned to prevent future incidents.

hashtag
Controls (A.16):

  • A.16.1.1: Responsibilities and Procedures

  • A.16.1.2: Reporting Information Security Events

  • A.16.1.3: Reporting Information Security Weaknesses

  • A.16.1.4: Assessment of and Decision on Information Security Events

  • A.16.1.5: Response to Information Security Incidents

  • A.16.1.6: Learning from Information Security Incidents

  • A.16.1.7: Collection of Evidence

hashtag
Control A.16.1.1: Responsibilities and Procedures

Audit Questions:

  • Are there documented procedures for managing information security incidents?

  • Who is responsible for managing and responding to security incidents?

  • How are these responsibilities communicated?

Common Non-Conformities (NC):

  • Lack of documented incident management procedures.

  • Unclear or undefined responsibilities for incident management.

  • Inadequate communication of incident management responsibilities.

hashtag
Control A.16.1.2: Reporting Information Security Events

Audit Questions:

  • Are there procedures for reporting information security events?

  • How are security events reported, and to whom?

Common Non-Conformities (NC):

  • No procedures for reporting security events.

  • Delays or failures in reporting security events.

hashtag
Control A.16.1.3: Reporting Information Security Weaknesses

Audit Questions:

  • How are information security weaknesses reported?

  • Are there channels for employees to report weaknesses confidentially?

Common Non-Conformities (NC):

  • No procedures for reporting security weaknesses.

  • Employees unaware of reporting channels.

hashtag
Control A.16.1.4: Assessment of and Decision on Information Security Events

Audit Questions:

  • How are security events assessed and decisions made regarding their handling?

  • Are there criteria for assessing the severity of events?

Common Non-Conformities (NC):

  • Inadequate assessment procedures for security events.

  • Lack of criteria for assessing event severity.

hashtag
Control A.16.1.5: Response to Information Security Incidents

Audit Questions:

  • What are the procedures for responding to information security incidents?

  • How is the effectiveness of incident response measured?

Common Non-Conformities (NC):

  • No response procedures for security incidents.

  • Poor measurement of incident response effectiveness.

hashtag
Control A.16.1.6: Learning from Information Security Incidents

Audit Questions:

  • Are there processes for learning from information security incidents?

  • How are lessons learned documented and communicated?

Common Non-Conformities (NC):

  • No processes for learning from incidents.

  • Lessons learned not documented or communicated.

hashtag
Control A.16.1.7: Collection of Evidence

Audit Questions:

  • How is evidence collected and preserved during incident investigation?

  • Are there procedures to ensure evidence integrity?

Common Non-Conformities (NC):

  • Inadequate evidence collection procedures.

  • Lack of measures to ensure evidence integrity.

Previous11. Supplier RelationshipsNext13. Information Security Aspects of Business Continuity Management

Last updated