Incident management is the activity designed to handle a control failure that leads to a breach. Incident management is the process of identifying, analyzing, responding to, and learning from security incidents that may compromise the confidentiality, integrity, or availability of information assets. Incident management aims to minimize the impact of a breach, restore normal operations as quickly as possible, and prevent or reduce the likelihood of recurrence. Incident management involves several steps, such as:
* Establishing an incident response team with clear roles and responsibilities
* Developing and maintaining an incident response plan that defines the procedures, tools, and resources for handling incidents
* Implementing detection and reporting mechanisms to identify and communicate incidents
* Performing triage and analysis to assess the scope, severity, and root cause of incidents
* Containing and eradicating the threat and preserving evidence for investigation and legal purposes
* Recovering and restoring the affected systems and data to a secure state
* Evaluating and improving the incident response process and controls based on lessons learned and best practices References = CISM Review Manual, 16th Edition, ISACA, 2021, pages 223-232.

The most important information to include in monthly information security reports to the board is the trend analysis of security metrics. Security metrics are quantitative and qualitative measures that indicate the performance and effectiveness of the information security program and the alignment with the business objectives. Trend analysis is the process of comparing and evaluating the changes and patterns of security metrics over time. Trend analysis can help to identify the strengths and weaknesses of the information security program, the progress and achievements of the security goals and initiatives, the gaps and opportunities for improvement, and the impact and value of the information security investments. Trend analysis can also help to communicate the current and future security risks and challenges, and the recommended actions and strategies to address them. Trend analysis can provide the board with a clear and concise overview of the information security status and direction, and enable informed and timely decision making.
References =
* CISM Review Manual 15th Edition, page 1631
* The CISO's Guide to Reporting Cybersecurity to the Board2
* CISM 2020: Information Security Metrics and Reporting, video 13