Like any other corporate initiative, putting an information security incident management process in place passes through a series of stages: establishing that it is needed, designing it, deploying it, and then monitoring how it performs. In practice, the management of many companies does not see why such a mechanism is needed to protect their IT infrastructure, so the initiative to implement one often starts only after external consultants have assessed the company's information security controls and produced recommendations that management can act on later.
Every procedure for addressing both the consequences and the root causes of incidents, grouped by which information security policy the incident violates, must be documented. Response scenarios for each type of potential information security incident should be drawn up by specialists and recorded in line with the applicable regulations and rules.
Structure of the regulations
A document drawn up as a set of regulations should contain the following sections:
- a clear description of the events that count as incidents with respect to the company's information security mechanism. For example, using an external email address may violate the information security policy of a state-owned enterprise, while for a private company it is an ordinary action;
- the procedure for reporting an incident, which should specify the form of the notification (oral, written, or email), the staff who must be informed, and the time frame for reporting after information about the incident is received;
- the specific procedures for eliminating the consequences of the incident, and the order in which they are applied;
- the stages of the investigation. For each stage, the employees responsible for the investigation must be appointed, the process of collecting and recording evidence defined, and the acceptable methods of identifying the perpetrator determined;
- the procedure for disciplinary action against the employees found responsible;
- the IT security improvements that must be implemented on the basis of the investigation's findings;
- the procedure for minimizing the damage and remediating the effects of incidents.
When preparing regulations that directly govern how information security events are controlled, it is important to rely on well-developed methods with proven effectiveness, together with the supporting documentation, such as reports and registers.
Regulations as a basic element of business processes
Regulations that define the mechanism for managing information security incidents must be an integral part of the company's business processes and, in particular, of the rules that govern them. Since an incident is defined as an unauthorized or unlawful event, the regulations must rest on a procedure that distinguishes authorized actions from unauthorized ones and must name the bodies that have the authority to set those standards. In addition, the regulations should set out the methods and techniques for classifying incidents, as well as the process for identifying such events, designating them, and entering them into the regulatory documentation.
Advantages of working with Roundsec company
Developing effective regulations for investigating information security incidents requires not only theoretical but also practical knowledge of incident identification. Unfortunately, there are very few specialists with such skills in Russia, including Moscow. Roundsec is an integrated company that specializes in investigating information security incidents and, in particular, in preparing regulations for investigating them.
It should be noted that Roundsec specialists develop regulations for investigating information security incidents on the basis of, and in accordance with, the current legislation of the Russian Federation on restricted access information, together with the regulatory and methodological documents of the federal executive authorities on protecting restricted access information when it is processed in information systems.