What must each agency establish for handling security incidents?

Each agency must establish a response and reporting procedure for handling security incidents to ensure an organized and effective approach when incidents occur. This procedure outlines the steps to be taken when a security breach or threat is detected, detailing who should be notified, how information should be communicated, and the specific actions that need to be undertaken to mitigate the situation.

Establishing such a procedure helps agencies to respond promptly and effectively, minimizing potential damage and ensuring that all necessary stakeholders are informed and involved. This structured approach enhances accountability and ensures compliance with regulatory requirements, ultimately protecting sensitive information and maintaining the agency's integrity.

While other options address important aspects of security, the response and reporting procedure is crucial for direct action during security incidents, making it a foundational element in the overall security strategy.