Procedure for the information security incidents

Guest user Created:   Jan 21, 2016 Last commented:   Jan 21, 2016

Antonio Jose Segovia Jan 21, 2016

How to prepare a procedure to identify and quantify the information security incidents based on their type, volume and costs.

Control No. 13.2.2 - Learning from information security incidents.

Answer:
For the preparation of this procedure you can include information about the notification of the incident, classification of the incident, treatment of the incident, closing of the incident, and the knowledge base (these are also the main steps for the management of incidents). This article, which covers the steps of the management of information security incidents, responsibilities, and classifications (based on the impact and the urgency of the incident; by the way, the impact can be related to costs), may also be interesting for you: “How to handle incidents according to ISO 27001 A.16”: https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

By the way, control 13.2.2 belongs to the previous version of ISO 27001 (published in 2005), which is obsolete. The current version of the standard is ISO 27001:2013, and the control related to “Learning from information security incidents” is A.16.1.6. This article may be interesting for you: “How to make a transition from ISO 27001 2005 revision to 2013 revision”: https://advisera.com/27001academy/knowledgebase/how-to-make-a-transition-from-iso-27001-2005-revision-to-2013-revision/

Regarding the procedure, you can use our template for the management of information security incidents according to ISO 27001:2013 A.16.1.6. You can see a free version by clicking on the “Free Demo” tab here: “Incident Management Procedure”: https://advisera.com/27001academy/documentation/Incident-Management-Procedure/

Finally, our online course may also be interesting for you: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
