Information Security Policy. Chapter 10. Information Security Incident Management Policy



Similar documents
Information Security Incident Management Policy and Procedure. CONTROL SHEET FOR Information Security Incident Management Policy

Information Security Incident Management Policy and Procedure

Security Incident Management Policy

Security Incident Policy

Information Security Incident Management Policy

Physical Security Policy

ISO IEC ( ) TRANSLATED INTO PLAIN ENGLISH

INFORMATION SECURITY INCIDENT REPORTING POLICY

DBC 999 Incident Reporting Procedure

IT Security Incident Management Policies and Practices

How To Protect Decd Information From Harm

Information Incident Management Policy

Information Security Policy. Chapter 13. Information Systems Acquisition Development and Maintenance Policy

Standard: Information Security Incident Management

16) INFORMATION SECURITY INCIDENT MANAGEMENT

SECURITY INCIDENT REPORTING AND MANAGEMENT. Standard Operating Procedures

Rulebook on Information Security Incident Management General Provisions Article 1

Cyber Security Incident Handling Policy. Information Technology Services Center (ITSC) of The Hong Kong University of Science and Technology

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

THE MORAY COUNCIL. Guidance on data security breach management DRAFT. Information Assurance Group. Evidence Element 9 appendix 31

Information Security Policy. Chapter 12. Asset Management

CITY UNIVERSITY OF HONG KONG Information Security Incident Management Standard

Human Resources Policy documents. Data Protection Policy

Information Security Management System (ISMS) Policy

SECURITY POLICY REMOTE WORKING

Mike Casey Director of IT

Head of Information & Communications Technology Responsible work team: ICT Security. Key point summary... 2

Third Party Security Requirements Policy

University of Sunderland Business Assurance Information Security Policy

Information Security Policy. Appendix B. Secure Transfer of Information

Issue 1.0. UoG/ILS/IS 001. Information Security and Assurance Policy. Information Security and Compliance Manager

Service Children s Education

Data Security Incident Response Plan. [Insert Organization Name]

AUGUST 28, 2013 INFORMATION TECHNOLOGY INCIDENT RESPONSE PLAN Siskiyou Boulevard Ashland OR 97520

Four Top Emagined Security Services

Acceptable Use of Information Systems Standard. Guidance for all staff

Best Practices: Reducing the Risks of Corporate Account Takeovers

Incident Response. Six Best Practices for Managing Cyber Breaches. Nick Pollard, Senior Director Professional Services EMEA / APAC, Guidance Software

IT ACCESS CONTROL POLICY

Security Incident Management Process. Prepared by Carl Blackett

Information Security Incident Management Guidelines. e-governance

WEST LOTHIAN COUNCIL INFORMATION SECURITY POLICY

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

PS177 Remote Working Policy

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Feedback Ferret. Security Incident Response Plan

Working Practices for Protecting Electronic Information

Incident Response Plan for PCI-DSS Compliance

INFORMATION SECURITY MANAGEMENT SYSTEM. Version 1c

Customer-Facing Information Security Policy

Version: 2.0. Effective From: 28/11/2014

INFORMATION TECHNOLOGY SECURITY STANDARDS

Information Security Policy

University of Aberdeen Information Security Policy

The Ministry of Information & Communication Technology MICT

Incident Object Description and Exchange Format

DUUS Information Technology (IT) Incident Management Standard

SCOTTISH CHILDREN S REPORTER ADMINISTRATION

Practice Good Enterprise Security Management. Presented by Laurence CHAN, MTR Corporation Limited

Information Security Policy

DATA BREACH COVERAGE

Threat Management: Incident Handling. Incident Response Plan

LSE PCI-DSS Cardholder Data Environments Information Security Policy

Information Technology Security Review April 16, 2012

KEELE UNIVERSITY IT INFORMATION SECURITY POLICY

Islington ICT Physical Security of Information Policy A council-wide information technology policy. Version 0.7 June 2014

KEY STEPS FOLLOWING A DATA BREACH

Cybersecurity: Protecting Your Business. March 11, 2015

Information Security Policies. Version 6.1

External Supplier Control Requirements

Information Security Incident Protocol

THE NEW REALITY OF RISK CYBER RISK: TRENDS AND SOLUTIONS

IT OUTSOURCING SECURITY

Information Classification and. Handling Policy

INFORMATION TECHNOLOGY POLICY

Information Governance Policy

Defensible Strategy To. Cyber Incident Response

Business Case Outsourcing Information Security: The Benefits of a Managed Security Service

UNCLASSIFIED. General Enquiries. Incidents Incidents

NHS HDL (2006)41 abcdefghijklm. = eé~äíü=aéé~êíãéåí= = aáêéåíçê~íé=çñ=mêáã~êó=`~êé=~åç=`çããìåáíó=`~êé

Incident Response. Proactive Incident Management. Sean Curran Director

MEASURES TO ENHANCE MARITIME SECURITY. Industry guidelines on cyber security on board ships. Submitted by ICS, BIMCO, INTERTANKO and INTERCARGO

Protection of Computer Data and Software

Newcastle University Information Security Procedures Version 3

INFORMATION SECURITY POLICY

INFORMATION SECURITY: UNDERSTANDING BS BS 7799 is the most influential, globally recognised standard for information security management.

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

Transcription:

Information Security Policy Chapter 10 Information Security Incident Management Policy Author: Policy & Strategy Team Version: 0.4 Date: December 2007 Version 0.4 Page 1 of 6

Document Control Information Document ID Document title Information Security Incident Management Policy Version 0.4 Status Draft Author D. Windel Job title Policy & Strategy Manager Department Information Services Publication date Approved by Next review date Distribution Version 0.4 Page 2 of 6

1. INFORMATION SECURITY INCIDENT MANAGEMENT POLICY... 4 1.1. OVERVIEW... 4 1.2. POLICY STATEMENT... 4 1.3. SCOPE OF THIS POLICY... 4 1.4. REPORTING INFORMATION SECURITY EVENTS AND WEAKNESSES... 4 1.4.1. Reporting Information Security Events... 4 1.4.2. Reporting Information Security Weaknesses... 4 1.5. MANAGEMENT OF INFORMATION SECURITY INCIDENTS AND IMPROVEMENTS... 5 1.5.1. Responsibilities and Procedures... 5 1.5.2. Learning from Information Security Incidents... 6 1.5.3. Collection of Evidence... 5 1.6. POLICY COMPLIANCE... 6 Version 0.4 Page 3 of 6

1. Information Security Incident Management Policy 1.1. Overview The aim of this policy is to ensure that Sefton Council s information systems and data are protected from any actual or suspected security incidents. The definition of an incident is an adverse event that has caused or has the potential to cause damage to an organisations assets, reputation and/or personnel. Incident management in IT is concerned with intrusion, compromise and misuse of information and information resources, and the continuity of critical information systems and processes. This policy applies in the majority to IT Support staff with the exception of sections 1.4.1. and 1.4.2. that applies to all employees across the Council. Reported events and weaknesses need to be assessed by an information security advisor (selected from experience within Information Services for the particular incident). The advisor enables the Information Services department to identify when a series of events or weaknesses have escalated to become an incident. It is vital for the Information Services department to gain as much information as possible from the business users to identify if an incident is occurring. 1.2. Policy Statement All Sefton Council employees, contractors and users with access to Sefton Council s equipment and information (in any format including electronic and paper records) are responsible for ensuring the safety and security of the Council s systems and the information that they use or manipulate. 1.3. Scope of this Policy This policy applies to all users of the Council s facilities and equipment including staff and any third party suppliers and contractors. All users have a role to play and a contribution to make to the safe and secure use of technology and the information that it holds. 1.4. Reporting Information Security Events and Weaknesses 1.4.1. Reporting Information Security Events for all Employees Security events for example a virus infection could quickly spread and cause data loss across the organisation. All users must be able to identify that any unexpected or unusual behaviour on the workstation could potentially be a software malfunction. If an event is detected users must: Note the symptoms and any error messages on screen Disconnect the workstation from the network if an infection is suspected (with assistance from IT Support Staff) Not use any removable media (for example USB memory sticks) that may also have been infected All security events should be reported immediately to the Information Services Helpdesk on ext 4999. If the Information Security event is in relation to paper or hard copy of information for example personal information files are stolen from a filing cabinet this must be reported to Senior Management and either the Data Protection Officer or Caldecott Guardian for the impact to be assessed. 1.4.2. Reporting Information Security Weaknesses for all Employees Security weaknesses for example a software malfunction must be reported through the same process as security events. Users must not attempt to prove a security weakness as such an action may be considered to be misuse. Version 0.4 Page 4 of 6

Weaknesses reported to application and service providers by employees must also be reported internally to Information Services. The service provider s response must be monitored and the effectiveness of its action to repair the weakness must be recorded by Information Services. 1.4.3. Reporting Information Security Events for IT Support Staff Information security events and weaknesses must be reported to a nominated central point of contact within Information Services as quickly as possible and the incident response and escalation procedure must be followed. Security events can include: Uncontrolled system changes Access violations Breaches of physical security Non compliance with policies Systems being hacked or manipulated Security weaknesses can include: Inadequate firewall or antivirus protection System malfunctions or overloads Malfunctions of software applications Human errors The reporting procedure must be quick and have redundancy built in. All events must be reported to at least two nominated people within Information Services who must both be required to take appropriate action. The reporting procedure must set out the steps that are to be taken and the time frames that must be met. An escalation procedure must be incorporated into the response process so that users and support staff are aware who else to report the event to if there is not an appropriate response within a defined period. Incidents must be reported to the Business Continuity management teams should the incident become service affecting. 1.5. Management of Information Security Incidents and Improvements A consistent approach to dealing with all security events must be maintained across the Council. The events must be analysed and the security advisor must be consulted to establish when security events become escalated to an incident. The incident response procedure must be a seamless continuation of the event reporting process and must include contingency plans to advise the Council on continuing operation during the incident. 1.5.1. Collection of Evidence If an incident may require information to be collected for an investigation strict rules must be adhered to. The collection of evidence for a potential investigation must be approached with care. Internal Audit must be contacted immediately for guidance and strict processes must be followed for the collection of forensic evidence. If in doubt about a situation for example concerning computer misuse contact the IS Helpdesk on 4999 for advice. 1.5.2. Responsibilities and Procedures Management responsibilities and appropriate procedures must be established to ensure an effective response against security events. The security advisor from Information Services must decide when events are classified as an incident and the most appropriate response. Version 0.4 Page 5 of 6

An incident management process must be created and include details of: Identification of the incident, analysis to ascertain its cause and vulnerabilities it exploited Limiting or restricting further impact of the incident Tactics for containing the incident Corrective action to repair and prevent reoccurrence Communication across the Council to those affected The process must also include a section referring to the collection of any evidence that might be required for analysis as forensic evidence. The specialist procedure for preserving evidence must be carefully followed. The actions required to recover from the security incident must be under formal control. Only identified and authorised staff should have access to the affected systems during the incident and all of the remedial actions should be documented in as much detail as possible. 1.5.3. Learning from Information Security Incidents To learn from incidents and improve the response process incidents must be recorded and a Post Incident Review conducted. The following details must be retained: Types of incidents Volumes of incidents and malfunctions Costs incurred during the incidents The information must be collated and reviewed on a regular basis by Information Services and any patterns or trends identified. Any changes to the process made as a result of the Post Incident review must be formally noted. The information where appropriate should be shared with the Warning, Advice and Reporting Point (WARP) to aid the alert process for the region. 1.6. Policy Compliance If you are found to have breached this policy, you may be subject to the Council s disciplinary procedure. If you have broken the law, you may be subject to prosecution. If you do not understand the implications of this policy or how it may apply to you, seek advice from Information Services via the Helpdesk. Version 0.4 Page 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information