ISO 27001 requires you to report, record and investigate information security events and incidents. All employees and contractors should be reporting these; however, what is a security event and what is a security incident? Are they not the same?
In a nutshell, a security event is a change to the everyday operation of the network or services that indicates there may have been a violation, or that a security safeguard may have failed. A security incident is one where the compromise has actually happened: if a virus is found on a user device, that is a security incident.
Once you have identified and recorded the incident or event correctly, it will need to be treated. As you have probably guessed, the two are treated in different ways. Events are recorded for analysis, in line with your monitoring and measurement processes; if similar events occur within a short period of time you may need to review them further, which could result in amending a policy, procedure or risk assessment. An incident has affected the business, so you will need to take action to minimise the impact, and depending on the level of the incident it may require immediate action. Incidents will then need to be recorded for analysis and for lessons-learnt purposes.
A critical step that is often overlooked is the lessons-learnt review after a security incident has been dealt with. The root cause should be identified, recorded and analysed to identify any patterns that may lead to new incidents. The analysis should also confirm the effectiveness of the controls that have been implemented.
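The handling rules above (events recorded and reviewed when similar ones cluster in a short period; incidents tracked with a root cause for lessons-learnt analysis) as a small event/incident register. This is an added illustration, not part of the original article or any ISO 27001 tooling; the category labels, the 24-hour window, the threshold of three, and the sample records are all constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Occurrence:
    when: datetime
    category: str          # constructed label, e.g. "failed_login"
    impact: bool           # True if the business was actually affected
    root_cause: str = ""   # filled in during lessons-learnt analysis


def classify(o: Occurrence) -> str:
    # An event only indicates a possible violation; an incident has affected the business.
    return "incident" if o.impact else "event"


def events_to_review(occurrences, window=timedelta(hours=24), threshold=3):
    """Event categories where `threshold` or more similar events fall inside one `window`."""
    by_cat = defaultdict(list)
    for o in occurrences:
        if classify(o) == "event":
            by_cat[o.category].append(o.when)
    flagged = set()
    for cat, times in by_cat.items():
        times.sort()
        # Slide over sorted timestamps; any run of `threshold` inside `window` flags the category.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                flagged.add(cat)
                break
    return flagged


def root_cause_patterns(occurrences):
    """Count incidents per recorded root cause so repeat causes stand out in the review."""
    counts = defaultdict(int)
    for o in occurrences:
        if classify(o) == "incident" and o.root_cause:
            counts[o.root_cause] += 1
    return dict(counts)


# Constructed sample register (not real data).
T = datetime(2024, 1, 10, 9, 0)
REGISTER = [
    Occurrence(T, "failed_login", False),
    Occurrence(T + timedelta(hours=2), "failed_login", False),
    Occurrence(T + timedelta(hours=5), "failed_login", False),
    Occurrence(T + timedelta(days=3), "port_scan", False),
    Occurrence(T + timedelta(days=1), "malware_on_endpoint", True, "unpatched_workstation"),
    Occurrence(T + timedelta(days=9), "malware_on_endpoint", True, "unpatched_workstation"),
]
```

Running `events_to_review(REGISTER)` flags only `failed_login` (three similar events within five hours), while `root_cause_patterns(REGISTER)` shows the same root cause behind both incidents, which is the kind of pattern the lessons-learnt step is meant to surface.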
By using the ISO 27001 framework and its related concepts to address information security occurrences, an organisation can minimise the effort and cost of keeping the business running with acceptable levels of risk, both to its own information and to that of its customers.