BIZOPS-19 Security Incident Tracking

What is BIZOPS-19 Security Incident Tracking Control about?

Security incident tracking is an important process when an incident or violation is identified. There must be a process to track the incident to resolution. This can be done in a formal way using a ticketing system or informally by storing it in a folder. There is no right or wrong way to do it, but the preferred method is tracking using a ticketing system such as JIRA.

For each incident, there must be an incident report that contains the details of the incident, the date it occurred, who identified or reported it, its impact, resolution, and lessons learned.

Available tools in the marketplace

Tools

No tool recommendations are made for this section.

Available templates

TrustCloud has a curated list of templates, internally or externally sourced, to help you get started. Click on the link for a downloadable version:

• TrustCloud incident report template

Control implementation

To implement this control formally,

You need to implement a formal and repeatable process to track and remediate any identified security incidents. This can include the following steps:

• Create a folder or project in a ticketing system for tracking incidents only.
• Document the incident report and include:
  • The details of the incident
  • The date it occurred
  • Who identified or reported it?
  • Its impact
  • Resolution
  • Lessons learned
  • Reporting, if applicable

What evidence do auditors look for?

Most auditors, at a minimum, are looking for the below-suggested action:

1. Provide a screenshot of the folder in the ticketing system used to track incidents.
2. Provide the most recent example of an incident report ticket.

Evidence example

For the suggested action, an example is provided below:

See evidence provided under BIZOPS-8.