Abstract

This Uganda Standard provides a structured and planned approach to detect, report and assess information security incidents respond to and manage information security incidents detect, assess and manage information security vulnerabilities and continuously improve information security and incident management as a result of managing information security incidents and vulnerabilities. This International Standard provides guidance on information security incident management for large and medium-sized organizations. Smaller organizations can use a basic set of documents, processes and routines described in this standard, depending on their size and type of business in relation to the information security risk situation. It also provides guidance for external organizations providing information security incident management services