This article provides an overview of incident management for security as part of ISO 27002 compliance.
The objective of reporting information security events and weaknesses is to ensure a consistent and effective approach to the management of information security incidents, including communication on security events and weaknesses.
Reporting Information Security Events and Weaknesses:
- Responsibilities and procedures – management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.
- Reporting information security events – information security events should be reported through appropriate management channels as quickly as possible.
- Reporting information security weaknesses – employees and contractors using the organisation’s information systems and services should be required to note and report any observed or suspected information security weaknesses in systems or services.
- Assessment of and decision on information security events – information security events should be assessed and it should be decided if they are to be classified as information security incidents.
- Response to information security incidents – information security incidents should be responded to in accordance with the documented procedures.
- Learning from information security incidents – knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.
- Collection of evidence – the organisation should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.
For more information please contact Morland-Austin at firstname.lastname@example.org.