This presentation focuses on the annexure controls of ISO 27001:2013 standards. The annexure control A16 relates to 'Information Security Incident Management'. - by Software development company in india http://www.ifourtechnolab.com/

1. iFour ConsultancyAnnexure A Control: 16 – Information security incident
management

2. A16.1 Management of IS incidents & improvements
 Objective: To ensure a consistent & effective approach to the management of IS
incidents, including
Communication on security events
Weaknesses
 Incident management life cycle
Software solution company in Indiahttp://www.ifourtechnolab.com

3. A 16.1.1 Responsibilities and procedures
ISO for Software Outsourcing Companies in India
 Control: Management responsibilities and procedures shall be established to
ensure a quick effective and orderly response to information security incidents.
 Preparation involves identification of resources needed for incident handling and
having trained individuals ready to respond, and by developing and communicating
a formal detection and reporting process.
 Incident responders should preserve digital evidence relating to computer crimes,
which provides the foundation for conclusions and decisions relating to an incident.
Configure systems with evidence preservation in mind
 Purchase the necessary equipment, and train at least one individual to handle the
incidents and use tools for recovering and examining data.
Software solution company in Indiahttp://www.ifourtechnolab.com

4. A16.1.2 Reporting information security events
ISO for Software Outsourcing Companies in India
 Control: Information security events shall be reported through appropriate
management channels as quickly as possible.
 Detection and Reporting are the important phases in information security incident
handling.
 All members of the community should be trained for:
Procedures for reporting failures, weaknesses, and suspected incidents
How to escalate reporting appropriately
 The process should provide clear ways for users to communicate events (e.g., in the
form of the organization’s Intranet, a phone line, etc.).
Software solution company in Indiahttp://www.ifourtechnolab.com

5.  Control: Employees and contractors using the organization’s information systems
and services shall be required to note and report any observed or suspected
information security weaknesses in systems or services.
 An effective approach is to use analysis tools to help manage intrusion detection
systems and summarize the data.
 Both these types of intrusion detection systems should be used:
 HIDS – Host intrusion detection system
 NIDS – Network intrusion detection system
 Communicating security alerts through an interface that system administrators use to
monitor:
 Status
 Performance of their systems
increases the likelihood that they will notice problems quickly.
A 16.1.3 Reporting information security weaknesses
ISO for Software Outsourcing Companies in India Software solution company in Indiahttp://www.ifourtechnolab.com

6. A 16.1.4 Assessment of and decision on IS events
Control: Information security events shall be assessed and it shall be decided
if they are to be classified as information security incidents.
Identification and prioritization of incident stage involves timely assessment of
the situation which can classified into simple steps:
Determine the scope/impact.
Assess the severity
Assess the urgency of event
 In the containment stage assessment of the following needs to be done:
Does the system need to be removed from the network?
Are there user accounts or system-level accounts that need to be disabled or changed?
ISO for Software Outsourcing Companies in India Software solution company in Indiahttp://www.ifourtechnolab.com

7. A 16.1.5 Response to IS incidents
 Control: Information security incidents shall be responded to in accordance with the
documented procedures.
 Eradication of the problem, and associated changes to the system need to be
applied. This includes technical actions such as
Operating system and application software installed
New or changed firewall rules
Custom configurations applied
Databases created
Backup data restored
Accounts created and access controls applied
Software solution company in Indiahttp://www.ifourtechnolab.com

8.  Control: Knowledge gained from analyzing and resolving information security
incidents shall be used to reduce the likelihood or impact of future incidents.
 To learn from incidents and improve the response process, incidents must be
recorded and a Post Incident Review must be conducted. The following details must
be retained:
Types of incidents
Volumes of incidents and malfunctions
Costs incurred during the incidents
 Incident Management Reporting is a clear source for providing continual
improvement to the ISMS.
A 16.1.6 Learning from information security incidents
ISO for Software Outsourcing Companies in India

9.  Control: The organization shall define and apply procedures for the identification,
collection, acquisition and preservation of information, which can serve as
evidence.
 The collection of evidence for a potential investigation must be approached with
care.
 Internal Audit must be contacted immediately for guidance and strict processes
must be followed for the collection of forensic evidence.
A 16.1.7 Collection of evidence
Software solution company in Indiahttp://www.ifourtechnolab.com

10. References
http://advisera.com/27001academy/blog/2015/11/10/using-itil-to-
implement-iso-27001-incident-management/
https://spaces.internet2.edu/display/2014infosecurityguide/Information+Sec
urity+Incident+Management
www.ne-derbyshire.gov.uk/EasysiteWeb
Software solution company in Indiahttp://www.ifourtechnolab.com