What is a common framework for managing information security incidents?

The SANS Incident Response Framework is widely recognized as a practical and effective approach for managing information security incidents. This framework emphasizes a structured methodology to respond to security breaches or incidents, which typically includes phases such as preparation, identification, containment, eradication, recovery, and lessons learned. By following these phases, organizations can ensure they are prepared to effectively handle incidents, minimize damage, and improve their response capabilities over time.

In relation to the other options, while the NIST Risk Management Framework is critical for establishing a comprehensive risk management strategy, it does not focus solely on incident response. ISO 27001 provides a standard for managing information security management systems but is broader and does not specifically address the incident response process in detail. COBIT, which stands for Control Objectives for Information and Related Technologies, focuses on governance and management of information technology but is not exclusively aimed at managing information security incidents.