This document discusses incident response procedures for an organization. It outlines the roles of the Information Security Officer (ISO) and Data Protection Officer (DPO) in responding to incidents. It also mentions having emergency and business continuity procedures in place to handle high impact incidents. The document stresses the importance of identifying, notifying, and escalating incidents to the appropriate teams like the helpdesk, ISO, or DPO.
Behind the Curtains
There is an emergency and business continuity procedure for high impact incidents.
There are applications in place to detect and, if possible, stop
SPAM,
malware,
attacks on our servers and our websites,
…
Key Takeaways
Be wary of incidents, try to avoid them.
Identify incidents even from others.
Notify incidents
To the person involved
To the helpdesk (and if need be to the ISO)
30 sec IS/DPP survival kit
WrapUp
Editor's notes
Welcome to the seventh part of the baseline training IS/DPP.
Herein we look at incident management.
Incident management is a catch-all.
It comes into play if the other security measures are insufficient or not working.
We will always need incident management, because no company can be prepared for everything.
An incident is any situation where data is or could be compromised because the IS/DPP rules were not followed or not sufficient.
Examples are:
your laptop is stolen (even if you find it after a day or so);
you cannot find the file of a secret project you are working on; it is no longer in the place you left it;
you sent an email to the wrong recipient or to a number of recipients that should not have seen each other’s email address (“TO” or “CC” instead of “BCC”);
you detect that your computer is acting up, the IT department detects that it is a virus;
you receive a phishing email.
Let us run through the process.
You detect that a laptop is stolen.
Do you escalate throughout the organisation? No.
Do you notify the police? No.
You contact the helpdesk.
They help you assess the level of importance.
E.g. if the computer is taken away due to a clean desk sweep the night before, it stops there.
If need be, the helpdesk can escalate to the ISO and/or the DPO.
In case of clear high emergency, you could immediately contact the ISO or DPO.
In any case, if the incident has reached the ISO or DPO, they generally will inform each other and consult on whether to escalate or not and to which parties.
Depending on the level of escalation, the incident will be followed up by the helpdesk, the ISO/DPO or the team assembled to tackle the incident.
But it all starts with you being attentive and notifying.
That is very important.
Only if you notify us can we:
Try to contain the risks or harm done to the ABC Group, our staff or our customers.
Get a view on types of incidents and how often they (may) occur.
Try to prevent them from happening again in the future.
There are also a few controls running behind the curtains, like
the business continuity procedure
detection systems on the network
…
We know that all the planning in the world does not prepare us for everything.
But the fact that we plan gives us an edge.