Cyber and Data Breach Incident Management

Detect and report cyber and data-related incidents, identify affected systems and user groups, trigger alerts and announcements to relevant stakeholders, and ensure efficient resolution of the situation.

Type: Domain

Competency Area: Operations and User Support

Levels

Provide real-time incident and status reporting, and identify affected systems and user groups
- Maintain a tracker or log of incidents to provide real-time status reporting on affected systems
- Report incidents, in line with incident management protocols
- Gather relevant information about incidents
- Categorise the importance of incidents based on established guidelines
- Identify the systems and user groups affected by the incident based on information gathered
- Assist in mitigation of repeat incidents as directed
- Document the modifications made to troubleshoot and resolve problems or incidents in the system

Troubleshoot incidents, escalate alerts to relevant stakeholders, and analyse root causes and implications
- Review categorisation of an incident, and determine its priority and need for escalation
- Escalate alerts to relevant stakeholder groups upon the occurrence of incidents
- Perform first-responder troubleshooting on cyber-related, data-related or security incidents, by following pre-determined procedures
- Analyse incident reports, log files and affected systems to identify threats and root causes of incidents
- Perform incident triage to assess severity of incidents and security implications
- Implement approved processes or technologies to mitigate future incidents

Develop incident management procedures and synthesise incident-related analyses
- Develop mechanisms or threat signatures that trigger incident alerts to relevant parties and systems
- Integrate cyber- and data-related information, alerts and analysis from detection system logs to develop a holistic view of incidents
- Distil key insights and impact from analyses of incidents
- Manage the containment of cyber and data incidents within the organisation
- Lead recovery of contained security incidents
- Establish mitigation and prevention processes and policies
- Drive implementation of mitigation processes and policies

Formulate incident response strategies for the remediation, resolution and communication of cyber and data incidents
- Establish incident management procedures for the detection, reporting and handling of incidents
- Develop a playbook for cyber and data incident management
- Lead an incident response team
- Lead the remediation and resolution of cyber and data incidents at the organisational level
- Resolve large-scale, unpredictable incidents
- Make key decisions on when and how to communicate incidents to different critical stakeholders
- Direct post-mortem activities following critical incidents
- Develop organisation-wide cyber and data incident mitigation strategies
- Drive cross-collaboration efforts to co-develop strategies to manage cyber and data incidents

Direct the management of cyber and data incidents on an industry, national or international scale
- Manage incidents to minimise significant reputational risk to the organisation
- Lead collaboration across industries to manage large-scale cyber and data security incidents
- Co-develop cyber and data incident management strategies on a national level with external experts and stakeholders
- Lead critical communications to the public, authorities, and internal and external stakeholders