Evaluate the Response Process

A security incident tests the procedures that are in place to manage an incident. Once the incident is over, it is time to review the processes and evaluate corrective measures. Security incidents impact a wide variety of departments and processes. All of the processes that were involved with the security incident should be reviewed and any that need improvement based on this incident should be fixed accordingly .

Emergency Response Program

Emergency response procedures include all of the aspects that are invoked because of the security incident. This includes the response team's ability to react to the situation, contact the appropriate people, including infrastructure providers and partners , and handle any situation that may develop.

Emergency response teams have to coordinate with other emergency response teams when the incident is caused by a physical disaster. Disaster response teams will control and manage physically damaged sites. In a physical disaster scenario, information becomes just one aspect of the disaster. Personal safety and those things that jeopardize physical safety have higher priority.

Incident Management Program

Incident management is the process of controlling the incident. It defines the incident declaration criteria and the recovery escalation sequence. It includes coordinating all of the teams (e.g., Damage Assessment Team, Site Security Team), facilitating communications, and reporting. It handles issues of allocation of resources and personnel management.

Business Recovery Program

A business recovery program is an ongoing program that ensures the prudent reduction of risks and the resumption of key business operations following a major disruption. The recovery process is based on the mitigation of the impact of the incident. It encompasses disaster planning and recovery for production, information, sales, and services in both the short term and the long term . The key goal is the restoration of productive capacity and capability.