ACPL-ISMS-C5.27 Learning From Information Security Incidents Policy
Document ID: ACPL-ISMS-C5.27
Document Classification: Internal
Issue Date (effective from): 01.12.2023
Version No: 1.0
Latest Review Date: 01.12.2023
1. Control statement:
Knowledge gained from information security incidents should be used to strengthen and improve the
information security controls.
2. Purpose:
3. Scope:
This policy covers the quantification and monitoring of the types, volumes and costs of information
security incidents.
4. Procedure:
The information gained from the evaluation of information security incidents should be used to:
b) Identify recurring or serious incidents and their causes to update the organization’s information
security risk assessment and determine and implement necessary additional controls to reduce the
likelihood or consequences of future similar incidents. Mechanisms to enable that include
collecting, quantifying and monitoring information about incident types, volumes and costs;
c) Enhance user awareness and training by providing examples of what can happen, how to respond to
such incidents and how to avoid them in the future.
5. References:
Doc ID: ACPL-ISMS-C5.27 Version 1.0 Last Rev. Date: 01.12.2023 Page 2 of 3
This document is confidential and must not be shared or copied without written permission from
Aethereus Consulting. Please return or destroy upon request.
6. Revision History