![]() ![]() There are many tools on the market to manage security incidents. So, incidents with value 1 are critical because the urgency and impact are high, so they need to be resolved before the other incidents with values 2, 3, 4, or 5 (this is the right sequence to resolve incidents). The intersection of these parameters will allow us to determine the priority of each incident, so in this way you can set, for example, the following table of values: Urgency: Speed with which the organization needs to correct the incident.Impact: Damage caused to the business (in economic terms, image, etc.).There are many ways of classifying incidents, but the usual is to consider two parameters: If the company is small, the technicians for level 1 and level 2 can be the same person. Responsible for knowledge base: Record all information related to the knowledge base.Responsible for changes: Approve changes when necessary.Technical level 2: Decision about the actions and treatment for the resolution of the incident.Technical level 1: Reception of the incident and classification. ![]() Usually, we will define the following responsibilities: Therefore, we can see that these could be different states that an incident could have, and it is also important to inform the user about any changes in the state of the incident. The information generated to resolve the incident is recorded, so if the problem happens again in the future, they can simply refer to the knowledge base they will have the perfect solution without having to waste time. Then the user opens an incident, and incident is resolved and closed. Imagine that a user updates a system and after this – the system is (unintentionally) shut down. Knowledge base: All the information generated during the treatment of the incident is critical for possible similar incidents in the future, as well as to collect evidence.Close the incident: Once the incident is solved, all the information generated during the treatment is recorded, and finally, the person who first sent notification of the incident is notified that it was closed.Treatment of the incident: Once the incident is classified, and the severity and time agreed for its resolution are known, a technical expert needs to decide on the necessary measures to resolve it.The person who detects the incident can also make a classification, but is a technical expert who classifies it in the appropriate way. Classification of the incident: A person receives the incident notification and, depending on various parameters, it is classified.Notification of the incident: A person detects an event that may cause harm to the functioning of the organization, so he needs to communicate the incident according to the communication procedures of the organization (usually an email, a phone call, a software tool, etc.).The management of security incidents is based on different steps, which include: Now we are going to see in the following paragraphs the main things that you need to manage security incidents in accordance with ISO 27001 (Annex A.16 Information security incident management). The first step to achieve this is to establish a procedure to manage security incidents.īefore I continue with the article, let me remind you that ISO 27000 establishes the definition of a security incident in the following way: “a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.” Thus, we can assume that incidents will happen in any organization, so it is necessary to establish a mechanism that will allow us to be ready when one occurs, or when someone – an employee, a contractor, third-party users of the systems – detects a weakness in the systems or services. However, this is practically impossible, because the people are not perfect, and therefore neither are information systems and technologies. One of the issues that most concern managers of an organization is that their employees (although employees are not the only source of incidents, but also clients, providers, etc.) be able to work without any incident.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |