One Article Review

Home - The article:
Source NoticeBored
Identifier 3526425
Publication date 2021-10-18 20:19:51 (seen: 2021-10-18 11:06:06)
Title Topic-specific policy 6/11: information security incident management
Text I'm intrigued by the title of this topic-specific policy from the [draft] 3rd edition of ISO/IEC 27002, being the only one of eleven example titles in the standard that explicitly states "information security". I ask myself why? Is there something special about the management of events classed as 'information security incidents', as opposed to other kinds? Hmmmm, yes there are some specifics but I'm not entirely convinced of a need for a distinct, unique policy. I feel there is more in common with the management of all kinds of incident than there are differences in respect of infosec incidents, hence "Incident management policy" makes more sense to me.

Here's one I prepared earlier.

Organisations deal with events and incidents all the time. Aside from the humdrum routines of business, things don't always go to plan and unexpected situations crop up. Mature organisations typically have incident management policies already, plus the accompanying procedures and indeed people primed and ready to respond to 'stuff' at the drop of a hat. Wouldn't it make sense, therefore, to ensure that "information security incidents" are handled in much the same way as others?

That's fine for mature organisations. For the rest, the SecAware information security policy template on incident management concentrates on the specifics of infosec incidents and outlines incident management in general. A workable infosec policy can prompt the development and maturity of incident management by:

- Documenting and formalising things - particularly the process, expressing management's expectations and requirements in clear terms (e.g. striking the right balance between investigating and resolving incidents, especially where business continuity is a factor).
- Stabilising the working practices, de-cluttering things, making them more consistent and hence amenable to management control.
- Enabling reviews and audits, leading to systematic process improvement where appropriate.
- Discouraging inappropriate shortcuts (e.g. ineptly investigating serious issues, compromising important forensic evidence) while facilitating escalation and management decisions where appropriate (e.g. determining whether forensic investigation is justified).
Sent Yes
Tags Guideline


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up in an earlier one.