Guideline In Responding To Security Incident – Security Incidents Should Be Reported To A Central Point In Every Organization
The most important component of security incident reporting is that employees recognize and report security incidents and breaches. This will only occur with a comprehensive security awareness campaign through which employees are made aware of basic security practices, so that they in turn recognize when something is wrong and report it.

Responding to Security Incident
Security incidents should be reported to a central point in every organization; this ensures that the organization responds to and investigates incidents in a timely and effective manner. Well-managed incident reporting, response and management will ensure:
- Timely response
- Skilled investigation lessening risk of evidence corruption
- Cause identified and responded to
- Intelligence for trend analysis
- Measurement tool for success of awareness campaign
- End analysis used to identify security risks
- End analysis used to support return on investment (ROI)
- End analysis used for policy revision and process re-engineering
- End analysis used to supplement business cases for protective security strategies and security product purchases.
Security Categories
These guidelines take a holistic approach to security incident management. A holistic approach is particularly important when incidents are logged and analyzed. Patterns can sometimes emerge that provide business units with a comprehensive picture of activity by correlating seemingly unrelated events or incidents.
The broad categories of security that are included in this document are:
- Physical security
- Personnel security
- Telecommunications security
- Information security, which includes information in all forms.
Security incidents occur when there is a breakdown of protection around the organization in some form or other, affecting one of the following broad categories:
- People (your staff)
- Customers and clients
- Facilities (buildings and equipment)
- Products and product output
- Vehicles
- IT (networks and computer equipment)
- Business information in all forms.
High Level Incident Categories
The high level categories of security incidents that the organization may encounter include:
- Unauthorized disclosure of sensitive business information
- Loss or theft of sensitive business information
- Unauthorized access to computer systems
- Loss or theft of physical assets including computers, equipment and vehicles
- Loss or theft of employee personal items
- Harassment and/or abuse, physical or otherwise, of employees
- Receipt of threats and/or hoaxes via mail or telephone
- Breach of copyright and licensing agreements
- Malicious damage to or destruction of assets
- Breach of legislative and regulatory requirements
- Misuse of organization assets
- Fraud and corrupt conduct.
Incident Management
The organization should document a process for the nominated central point for the management of security incidents. The process components should include:
- Incident Notification
- Incident Recording
- Incident Investigation.
POC Training
The business unit should ensure that the Point Of Contact (POC) and any other employees involved in incident management and investigation are trained in their various roles and responsibilities. This includes training in response techniques, investigation techniques, rules of evidence, interviewing techniques, and intelligence and analysis.
The POC should find out as much as possible regarding the ongoing incident and determine what needs to be done to respond effectively. This may include contacting local law enforcement agencies, notifying security guards onsite and activating emergency response procedures.
Investigation Report
Each investigation should be concluded with a report detailing:
- Incident details
- Impact and/or damage
- Persons involved
- Investigation outcome
- Cause (if known)
- Remedial actions taken
- Outcome (if known)
- Recommendations
The report should be classified according to its content and its distribution restricted. The original copy of the report should be placed on the relevant investigation file. The POC should ensure that the recommendations made in each report are followed up regularly.
The POC should review their own performance and that of their team, if applicable. In a larger organization, the POC and team will face varied and sometimes unique incidents. Each response and investigation will provide valuable “learning” that should be incorporated into the process as required.
Trend Analysis
Trend analysis is the review of incident data by correlating the records collected over a period of time. This is why it is extremely important for all incidents to be reported to and managed by a central point in the business unit. The trends shown will help the business unit manage its risk through knowledge of the actual threats and the frequency with which they occur. This in turn will allow business units to make informed decisions during the risk assessment process.
Weaknesses
The results of trend analysis will help the organization identify areas of weakness by location, business area and incident type. This information should be used to update or upgrade practices and processes, or the results may highlight the need for additional processes to be implemented to minimize recurrences.
Security Awareness Program
The results should also be used to revise the organization's security awareness program so that the delivery of topics is tailored to what is important to the business at any particular time. For example, if there is a spate of thefts within a business area, then the awareness program should focus on physical access controls and on visitor and stranger management, which includes visitor supervision, tailgating, and reminding employees to keep attractive items locked away at all times.
This article follows the previous one, which discussed employee security guidelines, and is part of a series on the management of information security for the organization.