
You're reading from  Mastering Information Security Compliance Management

Product type: Book
Published in: Aug 2023
Publisher: Packt
ISBN-13: 9781803231174
Edition: 1st Edition
Authors (2):

Adarsh Nair

Adarsh Nair is the global head of information security at UST. He is a recognized information security strategist, author, and keynote speaker. Adarsh holds the title of Fellow of Information Privacy (FIP) by IAPP and is a Google Hall of Fame honoree. He serves as co-chair of OWASP Kerala Chapter, an IAPP exam development board member, and an EC-Council advisory board member. With a decade of experience, Adarsh specializes in information security governance, risk and compliance, business continuity, data privacy, ethical hacking, and threat identification and mitigation. He maintains expertise through memberships, training, and certifications, including CISSP, CIPM, CIPP/E, LPT, OSCP, and ISO Lead Auditor. Adarsh has authored two books, published numerous articles and research papers, and delivered impactful presentations at national and international conferences, establishing himself as a thought leader in information security.

Greeshma M. R.

Greeshma M. R. is an entrepreneur and seasoned freelance technology writer, specializing in technology domains, especially information security and Web 3.0. She is interested in exploring the intersection of technology and humanity, as well as the social aspects of technology. Her areas of interest also encompass innovation, sustainable development, gender, and society. She is a co-author and publisher of two books and holds a certification as an ISO 27001 Lead Auditor. Having worked in the IT and knowledge and innovation management domains, Greeshma possesses an interdisciplinary perspective that enriches her approach. She has actively contributed to establishing an innovation ecosystem among students via communities of practice, fostering a culture of creativity and collaboration.

Information Security Incident Management

It is practically impossible for any organization to operate without ever experiencing an incident, because neither people nor systems and technologies are perfect. Information security incident management refers to the steps taken to identify, manage, record, and evaluate security incidents and the threats associated with them. In an information technology infrastructure, this is a crucial capability to have in place before a cyber disaster occurs, not only something to assemble after one.

In this chapter, we will look at the entire information security incident management process, starting with what a security incident is and moving on to the step-by-step process of incident management. This will be followed by an evaluation of the effectiveness of the process through the implementation of appropriate controls. We will also look into how an incident management function is formed in an organization and which related standards to consult.

Security incidents are inevitable and...

Understanding security incidents and incident management

Figure 6.1 represents the occurrence of an incident. ISO 27000 defines a security incident as “a single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security” (https://www.iso.org/). Incidents can originate from different sources, such as employees, clients, and third-party vendors. When an incident occurs or a weakness is discovered in a system or service, a mechanism must already exist to ensure that the organization can respond quickly and effectively. The first step toward this goal is to devise a plan for handling any security problems that may arise.

ISO 27035 is the standard that covers information security incident management in detail. Information security incidents and vulnerabilities can be identified, documented, assessed, responded to...

Information security incidents and breaches

A violation of a company’s security policy results in a security incident. It can be any event that compromises one of the three pillars of the Confidentiality, Integrity, and Availability (CIA) triad. A security breach is the case in which an unauthorized entity gains access to the organization’s data, network, applications, or devices, resulting in the disclosure of critical or sensitive information. An incident may or may not evolve into a breach.

Let us look at a few examples to better understand the difference between a security event, an incident, and a breach:

  • Let’s imagine that in the building of organization XYZ, a window that provides access to physical files containing personally identifiable information is accidentally left open. This is an event. Now, if a couple of files go missing as a result of this careless act, it becomes an incident. If someone with malicious intent gains access to the files and, as a result...

The incident management process

Preparedness is essential for being effective in the event of a significant incident. This is a common-sense statement, yet it is not always followed in practice. In most cases, it is only after a few major incidents have occurred that an organization develops a set of incident-handling procedures and tests and adjusts them to meet its needs. Some organizations equip themselves to handle only part of the problem, and a comprehensive system that can deal with every form of incident may not be present.

The first step is to decide which security events should be investigated, and at what thresholds, taking into account the business continuity requirements of the organization. The next step is to draft a response strategy for each kind of incident. The strategy can be improved through security event simulations, which uncover gaps in the process, and it will also be refined after actual events have occurred...
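The two steps above, deciding which events are investigated and at what threshold, and mapping each incident kind to a response strategy, can be expressed as a small detection loop. The following is an added example, not code from the book or its authors: it reads constructed log lines, keeps a sliding time window per (event type, source) pair, and escalates a run of events to an incident only when the configured count is reached within the window. The THRESHOLDS table, the log format, and the playbook names are hypothetical; a real organization derives them from its incident response plan and business continuity requirements.

```python
"""Threshold-based triage of security events into incidents.

Added example, not from the book: events below their threshold stay
events; once a (type, source) pair crosses its threshold an incident is
opened and tied to the playbook (response strategy) for that kind.
"""
import re
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Incident:
    event_type: str
    source: str
    first_seen: datetime
    last_seen: datetime
    count: int
    playbook: str  # hypothetical name of the response strategy to run


# Hypothetical thresholds: event type -> (events needed, window, playbook).
# An event type absent from this table is one the organization has decided
# not to investigate; it is logged but never escalated.
THRESHOLDS = {
    "auth_failure": (5, timedelta(minutes=10), "credential-abuse"),
    "malware_detected": (1, timedelta(0), "malware-containment"),
}

# Constructed log format: "<ISO-8601 UTC timestamp> <event_type> key=value ..."
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<etype>\S+)\s+(?P<rest>.*)$")


def parse_line(line):
    """Return (timestamp, event_type, source) or None for an unparseable line."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    fields = dict(kv.split("=", 1) for kv in m["rest"].split() if "=" in kv)
    return ts, m["etype"], fields.get("src", "unknown")


def triage(lines):
    """Escalate events to incidents once a (type, source) pair crosses its threshold.

    A deque of timestamps is kept per (type, source); events older than the
    window are dropped as each new one arrives. When the deque holds at least
    the configured count, an incident is opened, or an already open one is
    updated with the latest sighting and count.
    """
    windows = {}          # (event_type, source) -> deque of timestamps
    open_incidents = {}   # (event_type, source) -> Incident
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, etype, src = parsed
        if etype not in THRESHOLDS:
            continue
        need, window, playbook = THRESHOLDS[etype]
        key = (etype, src)
        dq = windows.setdefault(key, deque())
        dq.append(ts)
        while dq and ts - dq[0] > window:   # expire events outside the window
            dq.popleft()
        if len(dq) < need:
            continue                         # still just events, not an incident
        if key in open_incidents:
            prev = open_incidents[key]
            open_incidents[key] = Incident(etype, src, prev.first_seen, ts,
                                           prev.count + 1, playbook)
        else:
            open_incidents[key] = Incident(etype, src, dq[0], ts, len(dq), playbook)
    return list(open_incidents.values())


# Constructed sample log (not real data): 10.0.0.5 crosses the auth threshold,
# 10.0.0.9 never has five failures inside ten minutes, port_scan is ignored.
SAMPLE_LOG = """\
2023-08-01T10:00:01Z auth_failure src=10.0.0.5 user=alice
2023-08-01T10:00:40Z auth_failure src=10.0.0.9 user=bob
2023-08-01T10:01:10Z auth_failure src=10.0.0.5 user=alice
2023-08-01T10:02:00Z auth_failure src=10.0.0.5 user=root
2023-08-01T10:02:30Z auth_failure src=10.0.0.9 user=bob
2023-08-01T10:03:05Z auth_failure src=10.0.0.5 user=admin
2023-08-01T10:03:50Z auth_failure src=10.0.0.5 user=alice
2023-08-01T10:04:20Z auth_failure src=10.0.0.5 user=alice
2023-08-01T10:05:00Z port_scan src=10.0.0.7
2023-08-01T10:06:00Z malware_detected src=host42 file=/tmp/x.exe
2023-08-01T10:30:00Z auth_failure src=10.0.0.9 user=bob
""".splitlines()


if __name__ == "__main__":
    for inc in triage(SAMPLE_LOG):
        print(f"{inc.event_type} from {inc.source}: {inc.count} events "
              f"{inc.first_seen:%H:%M:%S}-{inc.last_seen:%H:%M:%S} -> run {inc.playbook}")
```

Run against the sample, the loop opens two incidents (a credential-abuse playbook for 10.0.0.5 and a malware-containment playbook for host42) and leaves the three spread-out failures from 10.0.0.9 as plain events. Tuning the count and window per event type, and deciding which types appear in the table at all, is exactly the threshold decision the text describes; the same loop can later be replayed over real logs from past incidents to see whether the chosen thresholds would have caught them.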

Understanding the roles and responsibilities of the incident management team

An information security incident management process entails the steps necessary for finding, analyzing, and fixing issues, as well as speeding up the recovery of systems that have been compromised. An interdisciplinary team with a range of expertise is needed to address the many challenges that may arise during this procedure. Management, IT and non-IT staff, physical security personnel, human resources, legal counsel, public relations specialists, reporters, and even emergency services may all be involved in an incident.

The incident response team handles cyberattacks, system failures, and data breaches. Such teams may also create incident response plans, identify and fix system vulnerabilities, enforce security policies, and evaluate security best practices.

Incident management teams at various organizations may go by different names, and apart from a few differences, these teams...

Summary

To conclude, reducing recovery costs, liability, and damage to information systems all depends on having a solid incident management process in place. The financial and operational effects of incidents can be mitigated through early detection and rapid response. It is essential to have an information security incident response plan in place to ensure that your firm is prepared to deal with all information security problems. This reduces the cost of attacks and helps prevent further breaches.

The framework or process for incident management is executed by a strong incident management team. The process itself takes its inputs from the various ISO standards that relate to incident management.

In the next chapter, we will discuss case studies of ISO 27001 implementation relating to risk management, the implementation of controls, ISMS development stages, and incident management.
