According to ISACA, in light of this, incident management programs are more important than ever, and with ISACA’s newly launched Security Incident Management Audit Program, "audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance,” says ISACA.
“Security incidents not only result in added expenses, but can damage a company’s reputation—so enterprises need to ensure that security incident management programs are effective,” said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds.
“Having an organised audit program to assess these programs is an important part of driving their success.”
ISACA says its audit progam covers process areas of security incident management programs and clearly outlines process sub-areas —like detection and analysis, forensics, and change management during program implementation as well as control objectives, controls and testing steps in a customisable spreadsheet.
The audit program examines assurance across areas such as:
- Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery
- Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers
- Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis
- Lessons learned—Factoring in steps such as a protocol for post-incident reflection