The organization should have protocols to measure and track InfoSec incidents and use the data to improve incident management, identify causes, and update the risk assessment. The data can also be used to improve a user’s awareness and training.
Conformance1
Tools for conforming to standards, goals and processes
