Castleforce IT Security Team

A.13.2 Management of information security incidents and improvements

Objective: To ensure a consistent and effective approach is applied to the management of information security incidents.

A.13.2.1 Responsibilities and procedures

Control

Management responsibilities and procedures shall be established to ensure a quick, effective, and orderly response to information security incidents.

A.13.2.2 Learning from information security incidents

Control

There shall be mechanisms in place to enable the types, volumes, and costs of information security incidents to be quantified and monitored.

A.13.2.3 Collection of evidence

Control

Where a follow-up action against a person or organization after an information security incident involves legal action (either civil or criminal), evidence shall be collected, retained, and presented to conform to the rules for evidence laid down in the relevant jurisdiction(s).

Lumension Risk Manager provides a comprehensive view across hundreds of global regulations, mandates and internal policies, improving the efficiency of controls and reducing risk.

Lumension Risk Manager provides the capabilities to:
  • Align business interests (sales and manufacturing processes, etc.) with IT assets (servers, workstations, applications, etc.), compliance regulations and control frameworks
  • Define and model unique risk profiles across your IT assets
  • Automate the gathering of compliance and IT risk assessment asset data through integration with Lumension and third-party tools (e.g. vulnerability scanners)
  • Benchmark risk assessments against IT control frameworks
  • Report on risk, compliance and remediation metrics across an entire regulation or internal mandate
  • Prioritize potential risk by correlating IT assets to critical business processes
For more details on Lumension Risk Manager

Contact Castleforce for help with ISO27001