Explore the fundamentals of security incident management, including methods for classifying incidents, roles, responsibilities, and training for incident response team members, and notification and escalation processes.
Learning Objectives
CISM: Information Security Incident Management Part 1
- describe incident management concepts
- define components of an incident response plan (IRP)
- map the BCP and DRP to the IRP
- specify methods for incident classification and categorization
- define incident containment methods
- describe notification and escalation processes
- define roles and responsibilities in security incidents
- know the training, tools, and equipment of the incident response team (IRT)
- classify forensic requirements for handling evidence
- describe security incident management