04 Understanding Incident Management

Incident Management

Knighthood helps customers select the best level for their needs.

Enhanced

  • All major security incidents are managed in accordance with the emergency or crisis management plan.
  • All security investigations are subject to independent or semi-independent review.
  • Regular research is conducted into measures for preventing and managing incidents as part of the continuous improvement program for processes and systems, which includes working with external experts.
  • Internal and external security environments are monitored to identify issues that might affect the appropriate response in an incident. Any improvements to processes are made accordingly.

Managed

  • Mechanisms are in place to record, respond to, escalate and evaluate security incidents. These mechanisms are communicated clearly and the consequences are defined.
  • Employees and relevant service providers are aware of what a security incident is, how to respond, and who to notify.
  • The correct external agencies are contacted in a timely manner when needed.
  • There is a comprehensive, consistent and responsive approach to incident management across the organisation and a defined hierarchy of response and escalation triggers.
  • Security incidents and suspicious activities are consistently recorded, tracked and investigated.
  • Root cause and trend analyses are conducted to inform practice improvements.
  • Incident drills and exercises are performed with employees to improve responses and any learnings are fed into policy and process reviews.
  • Incident management is integrated with business continuity programs and health and safety regimes.
  • Security requirements are specified to external suppliers.
  • Reports of incidents are reviewed to assess the response, and any resulting improvements are implemented promptly.
  • Executives and management receive information on security incidents, the measures taken to fix them, and any actions taken.
  • Employees are encouraged to report security incidents and feel comfortable doing so. All reported incidents are managed appropriately.
  • Information about significant security incidents is communicated to employees.
  • Employees are aware of the consequences of serious incidents, particularly if security policies have been deliberately bypassed.

Basic

  • Measures to monitor, detect, respond to, and manage security incidents are loosely defined, with limited central oversight, control or tracking.
  • Limited awareness of the types of security incidents and their likelihood.
  • Employees understand what to do in the case of an emergency, such as a bomb threat or 'white powder' incident.
  • Employees are encouraged to report security incidents, but the level of comfort in doing so varies by group or location.

Informal

  • No structured or consistent approach to detecting, responding to, and managing security incidents, and limited support from security specialists.
  • No defined or communicated expectations for reporting security incidents.
  • Security incident management responsibilities are unclear; response to an incident might be delayed while responsibilities are assigned.
  • Security infringements and incidents are generally ignored.