Page 206 - CISSO_Prep_ Guide
Priorities for Incident Management
The priorities for incident management, according to
ISO27002:2005, are:
• Communications to allow for timely intervention
• Quick, effective, and orderly response
• Documentation and audit trails
• Action to recover from and control the incident
• Feedback and learning from the incident
Steps to Incident Management
NIST defines the steps of an incident response plan in Special
Publication 800-61 as:
• Preparation
• Detection and Analysis
• Containment, Eradication, and Recovery
• Post-incident Activity
However, most incidents are not linear. It is not a simple,
straightforward process from one step to the next. Many
incidents will require several iterations of the second (detection)
and third (containment, eradication, and recovery) steps.
Each incident is an opportunity to learn. Improvements can be
made that will:
• help reduce the likelihood or impact of a future event,
• improve the detection and response capability of the
organization,
• highlight areas for additional training, and
• potentially improve processes or business operations that
were subject to failure.