Information Incident Management Policy



From this document you will learn the answers to the following questions:

Whose information security policy is to ensure that it responds appropriately to security incidents?

What did the Council replace procedures with?

What year did the Council change its Information security policy?

Similar documents
DBC 999 Incident Reporting Procedure

Information Security Incident Management Policy and Procedure

Security Incident Management Policy

Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

Security Incident Policy

RHONDDA CYNON TAF COUNTY BOROUGH COUNCIL INFORMATION SECURITY INCIDENT MANAGEMENT POLICY Version 2.0.1

Information Security Incident Management Policy

U07 Information Security Incident Policy

How To Protect Decd Information From Harm

DATA SECURITY BREACH MANAGEMENT POLICY AND PROCEDURE

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

Information Security

STRATEGIC POLICY REQUIRED HARDWARE, SOFTWARE AND CONFIGURATION STANDARDS

Information security incident reporting procedure

The potential legal consequences of a personal data breach

ABERDARE COMMUNITY SCHOOL

Guidance on data security breach management

Procedures on Data Security Breach Management Version Control Date Version Reason Owner Author 16/09/2009 Draft 1 Outline Draft Jackie Groom

NOS for IT User and Application Specialist. IT Security (ESKITU04) November 2014 V1.0

Incident reporting procedure

So the security measures you put in place should seek to ensure that:

Incident Response Plan for PCI-DSS Compliance

Guidance on data security breach management

Information Security Incident Management Policy September 2013

Data Security Breach Management - A Guide

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Islington Security Incident Policy A council-wide information technology policy. Version July 2013

Corporate Information Security Policy

CAVAN AND MONAGHAN EDUCATION AND TRAINING BOARD. Data Breach Management Policy. Adopted by Cavan and Monaghan Education Training Board

BCS IT User Syllabus IT Security for Users Level 2. Version 1.0

University of Aberdeen Information Security Policy

UBC Incident Response Plan

Document Control. Version Control. Sunbeam House Services Policy Document. Data Breach Management Policy. Effective Date: 01 October 2014

IT ACCESS CONTROL POLICY

Data Breach Management Policy and Procedures for Education and Training Boards

Incident Reporting Guidelines for Constituents (Public)

Data Protection Policy

Information Security Policy London Borough of Barnet

Standard: Information Security Incident Management

Information Security Code of Conduct

The Bishop s Stortford High School Internet Use and Data Security Policy

Data Security Incident Response Plan. [Insert Organization Name]

Data Security Breach Management Procedure

Security Awareness. A Supplier Guide/Employee Training Pack. May 2011 (updated November 2011)

Information Security Incident Management Guidelines. e-governance

NETWORK SECURITY POLICY

Human Resources Policy documents. Data Protection Policy

INTERNET, USE AND

How To Ensure Network Security

Senior School 1 PURPOSE 2 SCOPE 3 SCHOOL RESPONSIBILITIES

Information Security Policy

GUIDE TO MANAGING DATA BREACHES

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

INFORMATION SECURITY INCIDENT REPORTING POLICY

Coláiste Pobail Bheanntraí

Working Practices for Protecting Electronic Information

School Information Security Policy

INFORMATION SECURITY POLICY. Contents. Introduction 2. Policy Statement 3. Information Security at RCA 5. Annexes

UNIVERSITY OF ST ANDREWS. POLICY November 2005

NIGB. Information Governance Untoward Incident Reporting and Management Advice for Local Authorities

Information Governance Strategy & Policy

Physical Security Policy Template

Information Technology Services Information Security Incident Response Plan

Cork ETB Data Breach Management Policy and Procedures

NETWORK AND INTERNET SECURITY POLICY STATEMENT

A practical guide to IT security

Acceptable Use Policy

INFORMATION TECHNOLOGY SECURITY STANDARDS

INTERNET, AND COMPUTER USE POLICY.

Harper Adams University College. Information Security Policy

Online Communication Services - TAFE NSW Code of Expected User Behaviour

Information Systems Acceptable Use Policy for Learners

Acceptable Usage Guidelines. e-governance

PS177 Remote Working Policy

NEW JERSEY STATE POLICE EXAMPLES OF CRIMINAL INTENT

Internet Use Policy and Code of Conduct

HAZELDENE LOWER SCHOOL

Somerset County Council - Data Protection Policy - Final

Acceptable Use Policy

Information Security Policy

Information Governance Strategy

Service Children s Education

Information Security Policy. Chapter 10. Information Security Incident Management Policy

STFC Monitoring and Interception policy for Information & Communications Technology Systems and Services

2.0 Emended due to the change to academy status Review Date. ICT Network Security Policy Berwick Academy

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

Version: 2.0. Effective From: 28/11/2014

BOARD OF DIRECTORS PAPER COVER SHEET. Meeting date: 22 February Title: Information Security Policy

Information Security Incident Reporting & Investigation

Cyber Security Incident Reporting Scheme

Data Security Breach Incident Management Policy

INFORMATION SECURITY POLICY

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

Information Security Baseline (minimal measures)

ICT NETWORK AND INFRASTRUCTURE FILE SERVER POLICY

Transcription:

Information Incident Management Policy Change History Version Date Description 0.1 04/01/2013 Draft 0.2 26/02/2013 Replaced procedure details with broad principles 0.3 27/03/2013 Revised following audit review 0.4 26/04/203 Revised following IGB consultation

Contents 1.Purpose...... 3 2.Scope...... 3 3.Definition...... 3 4.Policy...... 4 4.1 Incident Management Principles... 4 4.2 Responsibilities... 5 4.2.1 All Information Users... 5 4.2.2 Managers... 5 4.2.3 Service Providers and Partnership Working... 5 4.2.4 Information Incident Contact Point... 5 4.2.5 Information Governance Officer... 5 4.2.6 ICT Security... 6 4.2.7 Senior Information Risk Owner... 6 4.2.8 Caldicott Guardian... 6 4.2.9 Data Protection Officer... 6 4.2.10 Audit Services... 6 4.3 Compliance... 6 4.4 Review... 6 Appendix Examples of Information Security Events and Incidents... 8

1. Purpose Information incidents giving rise to threats to the confidentiality, integrity and availability of the Council s information are increasingly a part of everyday business. The Council through its information governance and security policies seeks to minimise the frequency of such incidents. The aim of this policy is to ensure that WCC reacts appropriately to any actual, or suspected, security incidents relating to any of its information, be it digital, paper-based or any other media. This Information security incident management policy is a key element in ensuring that the Council: - Understands and recognises actual or suspected information security events and incidents when they arise. Acts in a way that ensures that the event or incident is managed and resolved promptly, minimising the impact upon the public, the Council and its employees. Investigates incidents properly and learns any lessons necessary to ensure a cycle of continual improvement of information security The aim of this policy is to ensure that WCC achieves the above by requiring:- A single information incident contact and logging point. A documented set of management procedures Prompt evaluation, escalation and remedial action An investigation and reporting procedure Risk management procedures to be applied 2. Scope This policy applies to all Councillors, Committees, Departments, Partners, Employees of the Council, contractual third parties and agents of the Council who use WCC information, ICT facilities and equipment, or have access to, or custody of, customer information or WCC information. All users must understand and adopt use of this policy and are responsible for ensuring the safety and security of the Council s information assets. All users have a role to play and a contribution to make to identifying potential risks to the safe and secure use of information and any Information technology. 3. Definition The definition of an Information Incident is an adverse event affecting an information asset that has caused or has the potential to have an adverse effect on the public or community, or the Council, its service users, its employees, or its partners.

Examples are physical harm, embarrassment or distress to individuals, damage to organisational reputation, financial impact etc. Incident management is concerned with intrusion, theft, the compromise and misuse of information and information resources, and the continuity of critical information processes. Examples of Information Incidents are given in the Appendix. 4. Policy 4.1 Incident Management Principles This policy sets out the principles for the management of information incidents below. The principles are:- A single information incident contact point for all types of information incident (manual, electronic, etc). Information capture / logging of all information events confirmed as incidents. Scripted handling of initial information event contacts. Guidance available for information users on reporting information events and incidents. Progress/tracking information logged from initial contact through to incident resolution. Identified time critical tasks with set targets and escalation steps. Assessment of potential severity as early as possible, to determine the appropriate incident management actions. Standard assessment of incident severity consistent with risk management guidance. High severity or potential high severity incidents or to be referred to the Senior Information Risk Owner as soon as identified. Procedures to allocate an investigation to an appropriate investigation officer according to the type of incident. Specific procedures to cover incident issues such as communications protocols and preservation and collection of evidence.

Severe incidents will be reported in a Post Incident Review to Strategic Executive Board and/or, Corporate Delivery Board and Risk Management Board. Summary reports of non-severe incidents to Risk Management Board. The Information Risk Register to include all identified risks arising from information incidents. All procedures maintained and reviewed annually or as required. Though all information incidents will be reported to a single contact point, distinction is drawn from that point between ICT technical incidents (e.g. malware, software malfunction, hacking incidents) and those involving disclosure of manual records or end user behaviour, which will necessarily follow different investigation and incident management routes, but should still comply with the above principles. 4.2 Responsibilities 4.2.1 All Information Users It is the responsibility of all WCC information users to be able to identify potential security events and weaknesses and to take immediate action to report these directly to the Information Incident Contact Point or their line manager once identified. 4.2.2 Managers All managers should ensure that their staff are aware of their obligations under this policy and support them in meeting these obligations. 4.2.3 Service Providers and Partnership Working Any information security incident that involves WCC information must be reported without delay. This should be a contractual requirement where a service contract exists and included in any information sharing agreement for the sharing of personal information. WCC managers and employees must be aware of similar obligations to other agencies if a security breach involves their information. 4.2.4 Information Incident Contact Point The contact point procedures must ensure that all events that are reported are promptly recorded and forwarded to the appropriate staff for action. 4.2.5 Information Governance Board

The Information Governance are responsible for implementing and monitoring compliance with this policy. 4.2.6 ICT Security ICT security are responsible for documenting and implementing the Council s ICT information incident management procedures. 4.2.7 Senior Information Risk Owner / Information Asset Owners The SIRO is responsible for ensuring that appropriate incident management plans are put in place as soon as possible to deal with high impact incidents. The SIRO is also responsible, with support from Information Asset Owners 1, for ensuring that all incidents are subject to investigation and subject to information risk management processes. 4.2.8 Caldicott Guardian The Caldicott Guardian will be involved in the incident management process where the information security incident involves Community, Adult or Children s or Public Health information, to fulfil their role of championing the fair, legal and ethical treatment of service user information within social care. 4.2.9 Data Protection Officer The Data Protection Officer will be advised of all medium and high impact incidents affecting personal information and should advise on communication with the affected data subjects and the Information Commissioner s Office in liaison with the SIRO. 4.2.10 Audit Services Audit Services are responsible for reviewing incident procedures and plans, providing advice where securing evidence is an issue and or the involvement of the Police is possible, undertaking investigations, undertaking reviews and providing advice. 4.3 Compliance Compliance with this policy will be monitored and reviewed by the Information Governance Board and will be subject to review by Audit Services. 4.4 Review 1 Information Asset Owners have designated responsibility for specific Information governance and security arrangements relating to their Information Assets

This policy will be reviewed at least annually or when required by changed circumstances.

Appendix Examples of Information Security Events and Incidents Examples of the most common Information Security Events and Incidents are listed below. It should be noted that this list is not exhaustive. Criminal events: Theft of equipment, data or information, fraud or fraudulent activities; Blagging offences where information is obtained by deception e.g. unknown people asking for information, such as a password or details of a third party, that could gain them access to Council data or receiving unsolicited mail that requires you to enter password data; Attempts (either failed or successful) to gain unauthorised access to data or information stored on computer systems e.g. hacking; Copyright issues; Technical events: Changes to information or data or system hardware, firmware, or software characteristics without the Council s knowledge, instruction, or consent e.g. malware (viruses, Trojans etc.); use of unapproved or unlicensed software on Council equipment; Unwanted disruption or denial of service to a system e.g. spam attacks; receiving unsolicited mail of an offensive nature; receiving and forwarding chain letters including virus warnings, scam warnings and other emails that encourage the recipient to forward onto others; Hardware/software failures; People Events: Accidental loss of equipment, data or information including handheld devices such as Blackberries; Failing to lock a PC screen when left unattended. Human error e.g. emailing personal and/or sensitive personal information outside of the Council s network either in error or without appropriate security measures in place; Sharing/transfer of data or information, including personal and/or sensitive information with those who are not entitled to receive that information; without the consent of the data subject; and sharing more than the necessary amount of personal/sensitive information to complete required tasks; The unauthorised use of a system for the processing or storage of data by any person; Accessing computer systems/applications using someone else s authorisation e.g. user id and password; sharing access tokens or logins; leaving your desk without logging off; Disclosure of passwords/writing it down, and leaving it on display where it would be easy to find and used by unauthorised users;

Printing or copying confidential information and not storing it correctly or confidentially e.g. leaving documents on photocopiers; Physical and Environmental events: Unforeseen circumstances e.g. fire or flood; Unsecure premises; Unlocked/unsecured workstations.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information