Incident management, incident investigation and response

Skill Definition

Incident management, incident investigation and response refers to the set of processes, procedures and systems used to reduce the harm caused to victims of cyber incidents and deter future attacks. The principles of the skill include: engaging with the organisation's overall incident management process to ensure that information security incidents are handled appropriately; defining and implementing processes and procedures, and configuring system policies, for responding to and investigating information security incidents; and establishing and maintaining a Computer Emergency Response Team (CERT) and systems to deal with information security incidents.

Awareness

  • Describes the basic principles of incident management, incident investigation and response. Implements processes, procedures and systems for responding to and investigating incidents
  • Follows documented principles and guidelines for incident management, incident investigation and response activities with supervision

Working

  • Contributes to incident management, incident investigation and response policy and/or incident management processes, procedures and systems
  • Follows documented principles and guidelines for incident management, incident investigation and response activities with limited direction/supervision

Practitioner

  • Defines incident management, incident investigation and response policy and/or incident management and investigation processes, procedures and systems
  • Follows documented principles and guidelines for incident management, incident investigation and response activities
  • Advises others on incident management, incident investigation and response processes

Expert

  • Champions incident management, incident investigation and response policy and/or incident management and investigation processes, procedures and systems
  • Shapes incident management, system response, incident investigation and response principles and guidelines for incident management activities
  • Advises on corporate and systems response to an incident
  • Promotes incident management, incident investigation and response best practice
  • Monitors the effectiveness of reporting
