The organization should assess information security events and decide if they are to be categorized as information security incidents.
The organization should assess information security events and decide if they are to be categorized as information security incidents.