73a detection of an information security event through the use of automated sensors and manual review; | | 10 | 10 | |
73b identification and analysis to determine if it is an incident or an event; | | 10 | 10 | |
73c escalation to ensure that decision-makers are aware of the incident and to trigger incident response processes; | | 2 | 2 | |
73d containment to minimise the damage caused, and reduce the possibility of further damage; | | 10 | 10 | |
73e eradication which involves the removal of the source of the information security compromise (typically malware); | | 10 | 10 | |
73f response and recovery which involves a mixture of system restoration (where integrity and availability have been compromised) and managing sensitive data loss where confidentiality has been compromised. This allows for a return to business-as-usual processing; | | 4 | 4 | |
73g post-incident analysis and review to reduce the possibility of a similar information security incident in the future, improve incident management procedures and forensic analysis to facilitate attribution and restitution (where relevant). | | | | |