Category 11 - Information Security Incident Management

Category 11 defines the controls and procedures needed to detect, contain, investigate, and remediate information security incidents. It requires documented incident response plans, designated roles, communication protocols, timely reporting, and post-incident analysis to improve defenses and meet regulatory obligations.