Your investigation into an Information Security incident must identify its cause and appraise its impact on your systems or data. This will assist you in planning how to prevent a reoccurrence.

• A recurrence of data loss / corruption during a particular phase of processing may be indicative of the inappropriate closure of a prior Information Security incident.

• Test patches or fixes to software thoroughly so that an Information Security incident, once identified, cannot occur again.
• Log known Information Security weaknesses (and any resulting incident) so that similar occurrences can be identified easily. The log should detail both successful and failed attempts to close Information Security incidents. This can be useful for assessing techniques employed during other investigations.
• Your impact analysis of Information Security incidents should consider (but not be limited to) :-

1. System downtime.
2. Number of users effected.
3. Monetary loss incurred.
4. Reputation loss incurred.
5. Client losses (monetary, reputation etc.)

• You may need to call in a specialist team to assist in the analysis, particularly if the incident had far reaching effects.