| S/N | Questions | SSE-CMM rating scale | |||||
| i | Are incident-handling procedures in place to report and respond to security events throughout the incident lifecycle, including the definition of roles and responsibilities? | 0
| 1
| 2
| 3
| 4
| 5
|
| ii | Does your organization has an incident response team in place and is functional? | 0
| 1
| 2
| 3
| 4
| 5
|
| iii | Does the organization incident response team aware of legal or compliance requirements surrounding evidence collection? | 0
| 1
| 2
| 3
| 4
| 5
|
| iv | I know where to report information security incidents (e.g. viruses, fire, flood, etc.) | 0
| 1
| 2
| 3
| 4
| 5
|