Cybersecurity events are analysed to support the declaration of cybersecurity incidents, at least in an ad hoc manner
Context and Guidance: The analysis of cybersecurity events helps the organisation gather additional information for event resolution and to assist in incident declaration, handling, and response. This analysis may consist of categorising, correlating, and prioritising events. Through analysis, the organisation determines the type and extent of an event (e.g., physical versus technical), whether the event correlates to other events (to determine if they are symptomatic of a larger issue, problem, or incident), and in what order events should be addressed or assigned for incident declaration, handling, and response. Analysis also helps the organisation to determine if the event needs to be escalated to other organisational or external staff (outside of the incident management staff) for additional analysis and resolution.
Related Practices:
• Input From: Implementing RESPONSE-1a provides input that may be useful for implementing this practice.
• Progression: This practice is part of a practice progression. Practice progressions are groups of related practices that represent increasingly complete or more advanced implementations of an activity. The practices in this progression include: RESPONSE-2b, RESPONSE-2d, RESPONSE-2f, RESPONSE-2i.