Principles And Practices Of Incident Management And Incident Response

1379 Words6 Pages
CHAPTER TWO
PRINCIPLES AND PRACTICES OF INCIDENT MANAGEMENT AND INCIDENT RESPONSE
STRENGTHS
The information security incident management policy of Blyth’s Books was created in 2010 and has been reviewed four times in five years. Those covered by its scope are clearly stated. It stresses the importance of incident management to the organisation and has the support of upper level management.
This policy complies with the Computer Misuse Act (1990) which was an act made to secure computer systems and networks from unapproved access. By complying with legal obligation, Blyth’s Books can pursue legal or disciplinary action against anyone (employee or otherwise) guilty of breaching their systems.
WEAKNESSES
The Data Protection Act (1998) provides the principles which must be adhered to in order to ensure the total protection of data while the International Organisation for Standardisation (ISO) 27035 presents organisations with guidance in the management of information security incidents. This standard stipulates that an organisation should have a clear and concise information security incident management policy. The security incident management policy of Blyth’s Books while compliant with the Computer Misuse Act (1990) does not show that it is compliant with the Data Protection Act (DPA) (1998) and the DPA (1998) being a legal aspect of the International Organisation for Standardisation (ISO) 27035, which must be adhered to, this policy is also not compliant with the standard.
Get Access