Gives a structured and planned approach to detect, report and assess information security incidents, respond to and manage information security incidents, detect, assess and manage information security vulnerabilities, and continuously improve information security and incident management as a result of managing information security incidents and vulnerabilities.