implementation of new controls are all positive results of a risk
            assessment process.



            Key Performance Indicators (KPIs)
            When evaluating the effectiveness of the incident management
            plan, the organization may use key performance indicators to
            measure and track the effectiveness of the plan.
            A key performance indicator allows the organization to compare
            the results of previous incidents with current performance. This
            will identify improvements that have been made and highlight
            areas that still need further improvement.

            Common KPIs are related to:
               •  Time to identify an incident (detection capability)
               •  Time to mobilize response teams (reaction capability)
               •  Time to clear an incident (response capability)
               •  Progress in addressing issues found during feedback
                   review.

            Other areas of the review can relate to the performance of the
            incident response team members. This review measures the
            cooperation and coordination of the teams and team members. It
            also measures the assessment of the skills of the team, reporting
            and monitoring capabilities, the completeness of the plan and
            any missing elements, and the effectiveness of the feedback and
            review process.


            Maintenance of the Incident Response Plans

            The incident response plan must be maintained so that it can be
            used effectively when an incident occurs. This requires the