A.5.25 — Assessment and decision on information security events
This control establishes processes for assessing and deciding on actions related to information security events. Measures include root cause analysis, risk evaluation, and mitigation plans.
| Property | Value |
|---|---|
| Section | process |
| Owner | platform |
Mapped Controls
| Control | Title |
|---|---|
| SID-OPS-01 | Incident Response and Management |
| SID-AUDIT-01 | Structured Security Event Logging |
Source: ISO/IEC 27001:2022 Annex A