Does a formal reporting procedure or guideline exist for users to report security weaknesses in, or threats to, systems or services?
Is there a procedure for assessing information security problems and issues and classifying them as information security incidents?
Are there documented procedures in place for responding to an information security incident?
Are procedures for the identification, collection, acquisition and preservation of information that can serve as evidence documented and known to staff?
Have management responsibilities and procedures been established to ensure a quick, effective and orderly response to information security incidents?
Does a formal reporting procedure exist to report security incidents through appropriate management channels as quickly as possible?
Does it include: Non-compliance with policy or guidelines?
Does it include: Breach of physical security arrangement?
Does it include: Uncontrolled system change?
Does it include: Malfunction of software or hardware?