An Information Security incident can be defined as any occurrence which in itself does not necessarily compromise Information Security, but which could result in it being compromised. An example is a multiple login failure on a single user account, leading to that account being locked out. This topic discusses reporting structures for Information Security incidents.
- A member of staff may not report an Information Security incident because there are no procedures in place to do so, resulting in a chain of events that leads to your organisation's information systems being compromised.

- Your organisation must ensure that all Information Security incidents are reported to a management representative - usually your Information Security Officer - who has the authority to pursue the incident through to resolution.
- Some of these incidents may be reported automatically by the operating system of your computer system, but they may require additional escalation after analysis.
- Differentiate and define Information Security incidents by their degree of severity. This will enable you to give clear instructions to staff.
- Review the issues raised in: Access Control, Complying with Legal Obligations and Combating Cyber Crime.
- Visit the CERT® Coordination Centre Web site. They provide a wealth of background information and assistance with investigating Information Security incidents.
- Your reporting structure should include a feedback line to your Information Security Policies, so that they may be strengthened appropriately.