© 2020 Content Security Pty Ltd.

Advisory services

Information Security Incident Management

Content Security’s experienced consultants help you create and implement effective incident management policies, standards and plans to protect your organisation. 

The severity of damage and overall cost of an information security incident increases with every hour it remains unresolved

A formalised information security incident management process is the key to streamlining your response process and limiting the impacts of potential disruption

In the midst of a security compromise your organisation needs clear and cohesive guidance on driving the incident management process. Without it, a simple information security event could escalate to crisis or disaster, leading to a notifiable breach of company information and subsequently, reputation damages and customer losses.

An overarching Information Security (IS) Incident Management policy sets the directive for a more coordinated response. It’ll act as a basis for a comprehensive IR plan, and will further provide transparency around your entire IR process. Ultimately, it ensures a formally documented IR procedure is readily available, demonstrating your organisation’s commitment to containing information security threats and minimising damage to third parties.

Content Security's Governance, Risk and Compliance team help you craft and implement tailored Information Security Incident Management policies and plans

Our qualified team of consultants develop and implement IS Incident Management Policies and Standards across a range of industries, with the additional creation of custom-made Incident Response Plans. As an ISO 27001 certified organisation, we pay special attention to Annex A.16 of the standard, ensuring your business has a clear, successful and compliant strategy around the notification, communication and general handling of information security incidents.  

information security

When did you last update your Incident Response Plan? Have you run through Playbooks lately?

IR plan and playbook testing continues to mitigate extensive breach costs, and the statistics show that testing is only proving to be more effective as the years go on

Breaches at organisations with neither an IR team nor plan testing cost $5.71m, while those at organisations with both capabilities cost $3.25m

This is a total cost gap of $2.46m or 54.9 per cent. These figures show a growing cost difference effectiveness of IR capabilities in just 2021. However, when we compare the numbers year-over-year, it’s clear that testing is only improving response processes and minimising costs even more. For example, the average cost difference in 2020 was only 42.1 percent, or $1.77m.

IS Incident Management policy provides organisation-wide guidance on Incident Response and dictates your overall approach to managing disasters

Without Incident Management policies and standards, an incident can escalate to a crisis, and disrupt business operations, employees, customers, partners and other vital business functions

The purpose of Information Security (IS) Incident Management Policy is quite self-explanatory – it describes the overall requirements for preparing and dealing with information and cyber security incidents in the period immediately after their occurrence. In addition to enabling your team is to respond swiftly and effectively to an incident, this policy will demonstrate an integrated approach to risk management and ensure your organisation is compliant with the relevant legislation and standards. Above all, the objective of IS Incident Management policy is to show your business is doing its due diligence and providing high standards of information security to protect staff, customers, partners and other third-parties.

Organisation-wide Approach

Your incident management policy should cover all staff, customers, suppliers and any other third-parties that may be involved or impacted by a potential information security incident. As such, it applies to any individual in your organisation that handles or uses the company’s information resources.

Incident Response Team

In addition to outlining the responsibilities of executives and general staff, we ensure your incident management policy defines your Incident Response (IR) team and delivers clear guidance on how they should handle the IR process, from determining the type of threat to activating the overarching IR plan.

Incident Management Procedures

The policy covers the entire incident management cycle – from planning and prevention, to notification and activation of the IR plan, containment and response procedures as well as recovery and review. This high-level overview ensures incidents do not escalate through inaction, and puts incident management into clear, formalised steps.

When incidents occur, stress rises and poor decisions are made

IR skills might be available in-house, however, external experts can act rationally and without bias to give your leadership the right information to make better choices

We cover the industry spectrum end-to-end, meaning, we can assist you with preparing for any type of cyber security incident and beyond

This includes data breaches, malware outbreaks, internal frauds and system
misuse, cloud compromises, phishing, sexual harassment or other industrial relation disputes involving information systems.

Moreover, our services extend beyond just Information Security Incident Management policy. We specialise in Security Assurance Services, Governance, Risk and Compliance, Enterprise Services, Digital Forensics and Incident Response, partnering with Strategic Vendors to protect your business.

Putting your Incident Management Policy into practice means developing a tailored incident response plan

This will facilitate streamlined reporting, containment and recovery processes for a range of information security incidents

More importantly, it’ll ensure a top-down approach that’s been approved and communicated across your key-decision makers, incident response team and other staff.

Content Security will perform interviews with senior managers and team leaders from your IT department, as well as key process owners (e.g. from HR, Risk and Compliance, and Facilities Management).

The objective of these meetings is to identify key business processes, the nature and value of your information, and areas of risk within the business. This information then will be used to ensure that the incident response plan will be aligned with the business goals, information security objectives, and legislative and regulatory requirements.

Content Security will work with your team to develop and implement a tailored incident response plan. This plan will align with your organisation’s unique requirements for collecting evidence and swift resumption of business operations. The incident response plan will contain:

  • Assignment of key roles and responsibilities, including central points of contact when incidents occur;
  • Contact details of key personnel;
  • Criteria for what constitutes an incident, and different types of incidents;
  • Initial response and notification procedures; and
  • Guidelines for the proper logging of evidence.


The plan will then be deployed to your key employees, and our team will provide training and skills transfer sessions to interested parties.

information security

For more information please contact our cybersecurity professionals today.