Elements and Performance Criteria
- Establish cyber security incident
  - Establish and confirm occurrence and nature of cyber security incident
  - Identify legislative requirements, organisational policies and procedures and cyber security incident response plans
  - Analyse and assess source, impact and consequences of incident according to organisational response plans
  - Notify and explain cyber incident to required personnel according to legislative requirements and communications plans
- Activate cyber security incident response plan
  - Activate incident response plan and confirm cyber incident is contained
  - Escalate and involve third party services and specialists as required according to organisational policies and procedures
  - Confirm no further risks exist according to legislative requirements and organisational response procedures
  - Discuss solutions with required personnel and action accordingly
  - Test solution implemented, and escalate as required according to organisational security procedures
- Perform post cyber security incident response procedures
  - Evaluate actions taken and confirm incident is fixed and secure according to organisational procedures
  - Document cyber security incident, actions performed and solution, according to organisational policies and procedures
  - Discuss and document lessons learnt with required personnel
  - Discuss and implement preventative measures and mitigation methods as required
  - Amend incident response plan accordingly
  - Share documentation and communicate with required personnel according to organisational communications plan