RS.AN-02

Does your organization have a formal process to assess and document the impact of security incidents?

Explanation

Understanding the impact of security incidents is crucial for effective incident response and recovery. This involves evaluating the technical, operational, financial, and reputational consequences of an incident to prioritize response actions and allocate appropriate resources. Impact analysis should consider affected systems, data compromise, service disruptions, and potential regulatory implications. Evidence could include incident impact assessment templates, completed incident reports with impact sections, post-incident analysis documentation, or a formal incident classification matrix that categorizes incidents based on their impact severity.

Context

Function: RS: RESPOND
Category: RS.AN: Incident Analysis
Sub-Category: The impact of the incident is understood

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain-points. They were confusing, hard to delegate and arrived like London busses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron

Founder, ResponseHub