Function: Information security incident management decision support (7b9ff2e5-e1f7-5421-985e-0b4024fd0bcc)
Performing analysis of specific evidence assists in identifying insights to support incident resolution. Sometimes, CSIRTs may focus their situational analysis to support a specific desired outcome such as incident resolution. Certain responses to an incident may affect a situational picture differently, and responders may ask for analysis (e.g., impact, cost, risk of failure) of choices. The decision-making needs of the constituency may change as their situational picture evolves, and the CSIRT team may initiate new analysis processes to assist them. This activity is related to the Incident Management Service Area. Incident Management functions are supported by Situational Awareness and the situational picture may change based upon Incident Management activities.