Cyber and Data Breach Incident Management

Detect and report cyber and data-related incidents, identify affected systems and user groups, trigger alerts and announcements to relevant stakeholders and efficient resolution of the situation.



Competency Area

Operations and User Support


Provide real-time incident and status reporting, and identify affected systems and user groups

Maintain a tracker or log of incidents to provide real-time status reporting on affected systems

Report incidents, in line with incident management protocols

Gather relevant information about incidents

Categorise the importance of incidents based on established guidelines

Identify the systems and user groups affected by the incident based on information gathered

Assist in mitigation of repeat incidents as directed

Document the modifications made to troubleshoot and resolve problems or incidents in the system

Troubleshoot incidents, escalate alerts to relevant stakeholder, and analyse root causes and implications

Review categorisation of an incident, and determine its priority and need for escalation

Escalate alerts to relevant stakeholder groups upon the occurrence of incidents

Perform first responder troubleshooting on cyber-related, data- related or security incidents, by following pre-determined procedures

Analyse incident reports, log files and affected systems to identify threats and root causes of incidents

Perform incident triage to assess severity of incidents and security implications

Implement approved processes or technologies to mitigate future incidents

Develop incident management procedures and synthesise incident- related analyses

Develop mechanisms or threat signatures that trigger incident alerts to relevant parties and systems

Integrate cyber- and data-related information, alerts and analysis from detection system logs to develop a holistic view of incidents

Distil key insights and impact from analyses of incidents

Manage the containment of cyber and data incidents within the organisation

Lead recovery of contained security incidents

Establish mitigation and prevention processes and policies

Drive implementation of mitigation processes and policies

Formulate incident response strategies remediation, resolution, communication of cyber and data incidents

Establish incident management procedures for the detection, reporting and handling of incidents

Develop a playbook for cyber and data incident management

Lead an incident response team

Lead the remediation and resolution of cyber and data incidents at the organisational level

Resolve large-scale, unpredictable incidents

Make key decisions on when and how to communicate incidents to different critical stakeholders

Direct post-mortem activities following critical incidents

Develop organisation-wide cyber and data incident mitigation strategies

Drive cross-collaboration efforts to co-develop strategies to manage cyber and data incidents

Direct the management of cyber and data incidents on an industry, national or international scale

Manage incidents to minimise significant reputational risk to the organisation

Lead collaboration across industries to manage large-scale cyber and data security incidents

Co-develop cyber and data incident management strategies on a national level with external experts and stakeholders

Lead critical communications to the public, authorities, internal and external stakeholders