24. 07. 2019 Luca Buonocunto Log-SIEM, NetEye, Service Management

5 Bullet Points for Information Security Incident Management

Modern society has continued its increasing use of digital solutions, and today large amounts of sensitive data are stored digitally.  As the value and sensitivity of this information increases, the number of potential threats will increase accordingly.

Verizon Enterprise’s RISK team recently published a report in cooperation with the United States Secret Service (USSS), the Dutch National High Tech Crime Unit (NHTCU), the Australian Federal Police (AFP), the Irish Reporting & Information Security Service (IRISS) and the Police Central e-Crime Unit (PCeU) of the London Metropolitan Police.

This report discusses data breaches in 2011 across 36 different countries, analyzing 855 incidents. It shows that 96% of the (reported) attacks were not particularly technically advanced.

This means that overall, international security is not in a satisfactory state.

Ok great, but how can we deal with it when talking about IT ?

Let’s take a look at what the major Service Management and security frameworks suggest:

First – Have a Policy

SANS Institute and ITIL state that having an information security policy is important. Having a specific policy for incident handling is also an ISO/IEC 27035 standard recommendation.  In addition, the ITIL framework emphasizes that employees should have access to and be aware of this policy in order to participate in the organization’s perceptive network.

The lack of a Security Incident management Policy could indicate that the organization’s information is not sufficiently protected with regard to its sensitivity and value. On the other hand, you should be aware of the importance of having an appropriate balance between security and usability.

Security must never stop business.

Second – Have Reporting and Documentation Systems and Procedures

Employees are often not aware that they are required to report incidents, of how to report incidents, and under which circumstances reporting is necessary.

A documentation system (Knowledge Base) is fundamental to avoid problems in information dissemination that can cause delays in incident handling and may result in serious consequences.

Third – Assess and Prioritize

According to SANS, ITIL and ISO/IEC, incident prioritization rules should be based on an organizational impact analysis. One way to evaluate potential organizational impact caused by incidents is to conduct risk assessments.

Fourth – Have Escalation Processes and Procedures

Responsibilities should be allocated by delegating parts of the incident handling procedures to employees who have expertise relevant for solving the incident.

Assign Responsibilities

Fifth – Perform Reviews and Share the Results

Constant feedback is vital for process improvement and to prevent future incidents.  Be prepared to perform reviews of severe incidents in order to identify root causes and improvements.

Share your experiences with others:  the mutual sharing of experiences is beneficial for organizations as it will make them better prepared to handle incidents. Other organizations may have experienced incidents that can be avoided if the appropriate security measures are implemented.

Wrapping Up

The 5 points above can be easily implemented by using EriZone and NetEye, so be sure to take them into consideration when dealing with Security in your IT Framework.

Luca Buonocunto

Luca Buonocunto


Luca Buonocunto

Leave a Reply

Your email address will not be published. Required fields are marked *