Information security incidents occur almost daily in all companies. Having clarity on how the entire organization should handle them will drastically reduce their impact. Based on the ISO 27035 guide, we developed the following activities:
• Policy for managing events, incidents, and vulnerabilities
• ERISI organization
• Detection and reporting mechanisms
• Incident assessment
• Incident response procedures
• Forensic mechanisms
• Continuous system improvement
