Commentary

Sadly it is not a perfect world and when breaches of security do occur, for whatever reason, it is important to contain the result by reporting the incident and responding to it as quickly as possible.

To whom should an incident be reported?

What information will that person need to know?

What precautions should one take to limit the organisation's exposure to the security breach?

It is essential that all staff know what comprises an information security incident and also a security weakness and to whom they report it. At the same time it is essential that all management know how to respond if they are on the escalation process for information security incident management reporting or escalation

It may be that there will be little or no time to organise a response to the incident, in which case the more thinking which has gone into the response procedure the better placed the organisation will be to deal with it. Documented and practices information security incident management procedures should be developed and practiced.

Whilst information security incidents are not a desired outcome for any organisation, they must learn, and their staff must learn, from them to prevent them occurring again. A process of learning from such incidents by use of induction training, ongoing awareness training or other means should be undertaken and all staff, contractors and third parties should be undertaken.

Remember that if the response is likely to include formal disciplinary action then the full process should be formally described and approved by the organisational management to remove the possibility of dispute after the event.

If evidence is to be collected it should be done by competent staff and with due regard for rules of evidence for the jurisdiction.

An Introduction To Information, Network and Internet Security
Commentary Sadly it is not a perfect world and when breaches of security do occur, for whatever reason, it is important to contain the result by reporting the incident and responding to it as quickly as possible. To whom should an incident be reported? What information will that person need to know? What precautions should one take to limit the organisation's exposure to the security breach? It is essential that all staff know what comprises an information security incident and also a security weakness and to whom they report it. At the same time it is essential that all management know how to respond if they are on the escalation process for information security incident management reporting or escalation It may be that there will be little or no time to organise a response to the incident, in which case the more thinking which has gone into the response procedure the better placed the organisation will be to deal with it. Documented and practices information security incident management procedures should be developed and practiced. Whilst information security incidents are not a desired outcome for any organisation, they must learn, and their staff must learn, from them to prevent them occurring again. A process of learning from such incidents by use of induction training, ongoing awareness training or other means should be undertaken and all staff, contractors and third parties should be undertaken. Remember that if the response is likely to include formal disciplinary action then the full process should be formally described and approved by the organisational management to remove the possibility of dispute after the event. If evidence is to be collected it should be done by competent staff and with due regard for rules of evidence for the jurisdiction.	The Security Practitioner An Introduction to Information Security
Return To An Introduction to Information Security