This presentation covers the Annex A controls of ISO/IEC 27001:2013. Annex control A.16 relates to 'Information Security Incident Management'. - by Software development company in India http://www.ifourtechnolab.com/
2. A16.1 Management of information security incidents and improvements
Objective: To ensure a consistent and effective approach to the management of information security incidents, including:
Communication on security events
Communication on security weaknesses
The incident management life cycle
Software solution company in India http://www.ifourtechnolab.com
3. A 16.1.1 Responsibilities and procedures
ISO for Software Outsourcing Companies in India
Control: Management responsibilities and procedures shall be established to
ensure a quick, effective and orderly response to information security incidents.
Preparation involves identifying the resources needed for incident handling, having
trained individuals ready to respond, and developing and communicating a formal
detection and reporting process.
Incident responders should preserve digital evidence relating to computer crimes; it
provides the foundation for the conclusions and decisions made about an incident.
Configure systems with evidence preservation in mind (for example, retain logs and
do not let routine operations overwrite them).
Purchase the necessary equipment, and train at least one individual to handle
incidents and to use tools for recovering and examining data.
4. A16.1.2 Reporting information security events
Control: Information security events shall be reported through appropriate
management channels as quickly as possible.
Detection and reporting are key phases of information security incident
handling.
All staff should be trained in:
Procedures for reporting failures, weaknesses and suspected incidents
How to escalate a report appropriately
The process should give users clear channels for communicating events (e.g. a form
on the organization's intranet, a phone line, etc.).
5. A 16.1.3 Reporting information security weaknesses
Control: Employees and contractors using the organization's information systems
and services shall be required to note and report any observed or suspected
information security weaknesses in systems or services.
An effective approach is to use analysis tools that help manage intrusion detection
systems and summarize their output, so that weaknesses and attacks are noticed and
reported rather than buried in raw alerts.
Both types of intrusion detection system should be used:
HIDS - Host intrusion detection system
NIDS - Network intrusion detection system
Delivering security alerts through the same interface that system administrators
already use to monitor the status and performance of their systems increases the
likelihood that they will notice problems quickly.
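The summarizing step described above, as an added example that is not part of the presentation: it parses intrusion detection alerts (constructed sample lines in the Suricata/Snort "fast" log layout, not real traffic), groups them by the monitored host the administrator is responsible for, and marks which hosts cross a notification threshold so the result can be shown on the administrator's normal status view. The monitored network prefix, the threshold and the sample alerts are assumptions.

```python
"""Summarise IDS alerts per monitored host for an administrator-facing view.
Added example, not from the presentation. Alert lines are constructed and follow
the Suricata/Snort 'fast' log layout:
  time [**] [gid:sid:rev] msg [**] [Classification: ...] [Priority: n] {proto} src:port -> dst:port
"""
import re
from collections import Counter, defaultdict

# Constructed sample alerts (documentation/test address ranges, not real traffic).
SAMPLE_FAST_LOG = """\
02/12/2024-10:15:01.120  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51002 -> 10.0.0.5:22
02/12/2024-10:15:02.331  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51003 -> 10.0.0.6:22
02/12/2024-10:16:44.002  [**] [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [**] [Classification: Potentially Bad Traffic] [Priority: 1] {TCP} 10.0.0.5:80 -> 198.51.100.9:40211
02/12/2024-10:17:10.555  [**] [1:2001219:20] ET SCAN Potential SSH Scan [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 203.0.113.7:51004 -> 10.0.0.5:22
this line is not an alert and must be ignored by the parser
"""

FAST_LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r"\s+\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

MONITORED_NET = "10.0.0."   # assumption: the hosts these administrators look after


def parse_alerts(text):
    """Return one dict per parsable alert line; non-alert lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = FAST_LOG_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["prio"] = int(d["prio"])   # Suricata/Snort: 1 is the most severe
        d["sid"] = int(d["sid"])
        alerts.append(d)
    return alerts


def summarise(alerts, threshold=2):
    """Group alerts by monitored host: count, worst priority, signatures seen,
    external peers, and a notify flag when the host crosses the threshold or
    any priority-1 alert involves it."""
    per_host = defaultdict(lambda: {"count": 0, "worst_priority": 99,
                                    "signatures": Counter(), "peers": set()})
    for a in alerts:
        if a["dst"].startswith(MONITORED_NET):
            local, peer = a["dst"], a["src"]      # inbound: host is the target
        elif a["src"].startswith(MONITORED_NET):
            local, peer = a["src"], a["dst"]      # outbound: e.g. an attack response
        else:
            continue                              # neither side is ours
        h = per_host[local]
        h["count"] += 1
        h["worst_priority"] = min(h["worst_priority"], a["prio"])
        h["signatures"][a["msg"]] += 1
        h["peers"].add(peer)
    for h in per_host.values():
        h["notify"] = h["count"] >= threshold or h["worst_priority"] == 1
    return dict(per_host)


def render(summary):
    """Compact per-host lines, most urgent first, for the status dashboard."""
    rows = sorted(summary.items(), key=lambda kv: (kv[1]["worst_priority"], -kv[1]["count"]))
    return [f"{'!! ' if h['notify'] else '   '}{host}: {h['count']} alerts, "
            f"worst priority {h['worst_priority']}, top: {h['signatures'].most_common(1)[0][0]}"
            for host, h in rows]


if __name__ == "__main__":
    for row in render(summarise(parse_alerts(SAMPLE_FAST_LOG))):
        print(row)
```

Tolerating unparsable lines matters in practice: a summarizer that stops on the first odd line is exactly the tool that goes unnoticed when a sensor starts emitting something new.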
6. A 16.1.4 Assessment of and decision on information security events
Control: Information security events shall be assessed and it shall be decided
if they are to be classified as information security incidents.
The identification and prioritization stage involves a timely assessment of the
situation, which can be broken into simple steps:
Determine the scope and impact
Assess the severity
Assess the urgency of the event
In the containment stage, assess the following:
Does the system need to be removed from the network?
Are there user accounts or system-level accounts that need to be disabled or changed?
7. A 16.1.5 Response to information security incidents
Control: Information security incidents shall be responded to in accordance with the
documented procedures.
Eradication removes the cause of the problem, and the associated changes to the
system need to be applied and recorded. This includes technical actions such as:
Operating system and application software (re)installed
New or changed firewall rules
Custom configurations applied
Databases created
Backup data restored
Accounts created and access controls applied
8. A 16.1.6 Learning from information security incidents
Control: Knowledge gained from analyzing and resolving information security
incidents shall be used to reduce the likelihood or impact of future incidents.
To learn from incidents and improve the response process, incidents must be
recorded and a post-incident review must be conducted. The following details must
be retained:
Types of incidents
Volumes of incidents and malfunctions
Costs incurred during the incidents
Incident management reporting is a clear source of continual improvement for
the ISMS.
9. A 16.1.7 Collection of evidence
Control: The organization shall define and apply procedures for the identification,
collection, acquisition and preservation of information which can serve as
evidence.
The collection of evidence for a potential investigation must be approached with
care: evidence should be hashed on acquisition and its custody recorded, so that it
can later be shown to be unchanged.
Internal Audit must be contacted immediately for guidance, and strict processes
must be followed for the collection of forensic evidence.
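The acquisition and preservation steps above, as an added example that is not part of the presentation and not any organization's prescribed procedure: a file is hashed before and after it is copied into an evidence store, the copy is made read-only, a chain-of-custody record is written beside it, and a later verification recomputes the hash and appends the outcome (pass or failure) to the same record. The record layout, the store directory, the case id and the sample log content are assumptions; a real procedure would be set with the organization's Internal Audit and legal guidance.

```python
"""Acquire a file as evidence with an integrity hash and a chain-of-custody
record, then verify it later. Added example, not from the presentation; the
record layout, evidence store directory, case id and sample content are assumed."""
import hashlib
import json
import os
import shutil
import tempfile
from datetime import datetime, timezone

CHUNK = 1 << 16


def sha256_file(path):
    """Stream the file so large images can be hashed without loading them whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _now():
    return datetime.now(timezone.utc).isoformat()


def _write_record(record):
    with open(record["evidence_path"] + ".custody.json", "w") as f:
        json.dump(record, f, indent=2)


def acquire(source, store_dir, case_id, collector):
    """Hash the original first, copy it into the store, re-hash the copy and
    abort if the two differ; only then write the custody record."""
    original_hash = sha256_file(source)
    os.makedirs(store_dir, exist_ok=True)
    dest = os.path.join(store_dir, f"{case_id}-{os.path.basename(source)}")
    shutil.copy2(source, dest)            # copy2 also preserves the original timestamps
    if sha256_file(dest) != original_hash:
        os.remove(dest)
        raise RuntimeError("acquired copy does not match the original; acquisition aborted")
    os.chmod(dest, 0o440)                 # read-only for owner and group from now on
    record = {
        "case_id": case_id,
        "source": os.path.abspath(source),
        "evidence_path": dest,
        "size_bytes": os.path.getsize(dest),
        "sha256": original_hash,
        "custody": [{"action": "acquired", "by": collector, "at": _now()}],
    }
    _write_record(record)
    return record


def verify(record, verifier):
    """Recompute the hash and append the outcome to the custody trail either way,
    so a failed check is itself part of the record."""
    path = record["evidence_path"]
    ok = os.path.exists(path) and sha256_file(path) == record["sha256"]
    record["custody"].append({"action": "verified" if ok else "INTEGRITY FAILURE",
                              "by": verifier, "at": _now()})
    _write_record(record)
    return ok


def demo():
    """Constructed run: acquire a fake auth log, verify it, tamper with the stored
    copy (as someone with write access to the store might), verify again."""
    work = tempfile.mkdtemp()
    try:
        src = os.path.join(work, "auth.log")
        with open(src, "w") as f:   # constructed sample content, not a real log
            f.write("Feb 12 10:15:01 host sshd[1]: Failed password for root from 203.0.113.7\n")
        rec = acquire(src, os.path.join(work, "evidence"), "IR-2024-001", "analyst@example.org")
        before = verify(rec, "analyst@example.org")
        os.chmod(rec["evidence_path"], 0o640)          # undo read-only to simulate tampering
        with open(rec["evidence_path"], "a") as f:
            f.write("tampered\n")
        after = verify(rec, "analyst@example.org")
        return before, after, [c["action"] for c in rec["custody"]]
    finally:
        shutil.rmtree(work)


if __name__ == "__main__":
    print(demo())
```

The hash is taken from the original before the copy is made, not from the copy afterwards, so the record attests to what was found on the system rather than to whatever the copy happened to contain. Filesystem permissions only deter accidental modification; the hash in the custody record is what actually exposes a change.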