Principles And Practices Of Incident Management And Incident Response

1380 Words6 Pages
CHAPTER TWO PRINCIPLES AND PRACTICES OF INCIDENT MANAGEMENT AND INCIDENT RESPONSE STRENGTHS The information security incident management policy of Blyth’s Books was created in 2010 and has been reviewed four times in five years. Those covered by its scope are clearly stated. It stresses the importance of incident management to the organisation and has the support of upper level management. This policy complies with the Computer Misuse Act (1990) which was an act made to secure computer systems and networks from unapproved access. By complying with legal obligation, Blyth’s Books can pursue legal or disciplinary action against anyone (employee or otherwise) guilty of breaching their systems. WEAKNESSES The Data Protection Act (1998)…show more content…
Although some of the recommendations of the ISO/IEC 27035 have been implemented, a large part of the recommendations by the standard are yet to be applied. INCIDENT HANDLING AND MANAGEMENT STRENGTHS Detection and Reporting The security incident management policy of Blyth’s Books is quite comprehensive in the aspect of the detection and reporting of information security events. Detection and reporting of a security incident is vital for an organisation’s survival. If an organisation’s stakeholders and employees cannot detect when an incident has occurred or have detected one but cannot report owing to the fact that how and whom to report to is unknown, the remainder of the incident management procedure which is aimed at getting the organisation back on its feet information security wise cannot be put into process. No one can handle or respond to an incident they have no knowledge of. The security incident management policy of Blyth’s Books was pretty comprehensive in outlining what security incidents are and how they could be identified by those covered in the scope of the policy. A review of Norwegian organisations and institutions performed in 2005 where strategies for data security incidents were analysed demonstrated that statistics
Open Document