ISACA Launches New Audit Program for Security Incident Management

Schaumburg, Ill. (Feb. 17, 2020) — Security incidents are only growing in number—according to ISACA's 2019 State of Cybersecurity survey report, 46 percent of respondents believe that their enterprises are experiencing an increase in attacks relative to last year. In light of this, incident management programs are more important than ever, and with ISACA's newly launched Security Incident Management Audit Program, audit professionals now have the tools to more effectively evaluate incident management programs and achieve greater assurance.


The audit program covers process areas of security management programs, including initial planning and preparation, implementation, execution, and post-incident review. Clearly outlining the process sub-areas in an accompanying customizable spreadsheet file—like detection and analysis, forensics, and change management during program implementation—as well as control objectives, controls and testing steps, the program examines assurance across areas such as:


  • Program design and implementation—Exploring processes including risk analysis; awareness and training; detection and analysis; and containment, eradication and recovery
  • Tools and technologies—Covering areas such as software, vulnerability assessments, and configurations of workstations and servers
  • Reporting best practices—Including reports and escalation documents, as well as a formal process for root cause analysis
  • Lessons learned—Factoring in steps such as a protocol for post-incident reflection


"Security incidents not only result in added expenses, but can damage a company's reputation—so enterprises need to ensure that security incident management programs are effective," said Beverly Thomas, CISA, expert reviewer for the audit program, and Senior Manager, Internal Audit, UMWA Health & Retirement Funds. "Having an organized audit program to assess these programs is an important part of driving their success."


The Security Incident Management Audit Program is US$25 for ISACA members and US$49 for non-members. To access, visit To explore additional audit programs and other resources, visit



For more than 50 years, ISACA has advanced the best in technology. ISACA equips individuals with knowledge, credentials, education and community to progress their careers and transform their organizations. Through the CSX, COBIT and CMMI solutions, ISACA enables enterprises to train and build quality teams. ISACA is a global professional association and learning organization that leverages the expertise of its 145,000 members who work in information and cyber security, governance, assurance, risk and privacy to drive innovation through technology. It has a presence in 188 countries, including more than 220 chapters worldwide.