Reporting Information Security Incidents

An Information Security incident can be defined as any occurrence which in itself does not necessarily compromise Information Security, but which could result in it being compromised. An example is a multiple login failure on a single user account, leading to that account being locked out. This topic discusses reporting structures for Information Security incidents.

To view the related Policy click      

  • A member of staff may not report an Information Security incident because there are no procedures in place to do so, resulting in a chain of events that leads to your organisation's information systems being compromised.

  • Your organisation must ensure that all Information Security incidents are reported to a management representative - usually your Information Security Officer - who has the authority to pursue the incident through to resolution.
  • Some of these incidents may be reported automatically by the operating system of your computer system, but they may require additional escalation after analysis.
  • Differentiate and define Information Security incidents by their degree of severity. This will enable you to give clear instructions to staff.
  • Review the issues raised in: Access Control, Complying with Legal Obligations and Combating Cyber Crime.
  • Visit the CERT® Coordination Centre Web site They provide a wealth of background information and assistance with investigating Information Security incidents.
  • Your reporting structure should include a feedback line to your Information Security Policies, so that they may be strengthened appropriately.

Previous PageTop of this pageNext Page

Information Security Policies from US$595


Use of the guidance contained within RUSecure™ is subject to the End User Licence Agreement
This site created with EasyHTMLHelp(tm) for MS Word


Next PageUpPrevious Page