ir-5(1)

incident monitoring | automated tracking / data collection / analysis

assessment objective:

Determine if the organization employs automated mechanisms to assist in:

ir-5(1)[1]  

the tracking of security incidents;

ir-5(1)[2]

the collection of  incident information; and

ir-5(1)[3]

the analysis of incident information.

potential assessment methods and objects:

Examine: [select from: Incident response policy; procedures addressing incident monitoring; automated mechanisms supporting incident monitoring; information system design documentation; information system configuration settings and associated documentation; incident response plan; security plan; audit records; other relevant documents or records].

Interview: [select from: Organizational personnel with incident monitoring responsibilities; organizational personnel with information security responsibilities].

Test: [select from: Automated mechanisms assisting in tracking of security incidents and in the collection and analysis of incident information].