8.6 Capacity Management

The use of resources should be monitored and adjusted in line with current and expected capacity requirements.

Capacity management in information security refers to the process of planning, organizing, and managing the resources and infrastructure required to support an organisation's information security needs. This includes the management of hardware, software, and network resources, as well as the management of personnel and other resources required to support the security function.

Capacity management in information security includes several key tasks, such as:

• Assessing the organisation's current and future information security needs.
• Identifying and evaluating potential security solutions.
• Developing and implementing a capacity plan that aligns with the organisation's overall security strategy.
• Monitoring and managing the performance of security systems and infrastructure, including monitoring for potential security threats.
• Continuousevaluate and update the capacity plan to ensure at it remains aligned with the organisation's changing security needs.
The goal of capacity management in information security is to ensure that the organisation has the resources and infrastructure in place to protect against security threats effectively and to detect and respond to security incidents in a timely manner. This includes ensuring that the organisation has the right number of security personnel, the right tools and technologies, and the right processes and procedures in place to meet their security needs.Capacity management is a continuous process, it requires regular review and updating to ensure that the organisation's security infrastructure is able to support the organisation's changing needs and to address the new and emerging security threats.