What is the definition of a security incident? According to the UK’s National Cyber Security Centre (NCSC), a cyber incident is “a breach of a system's security policy in order to affect the victims’ integrity or availability and/or the unauthorised access or attempted access to a system or systems”. SecurityHQ discusses the topic.
DIFFERENT FORMS OF A SECURITY INCIDENT
Any attempt to gain unauthorised access to a system, or to the data it holds, is a security incident. This includes:
• Malicious disruption and/or denial of service.
• The unauthorised use of systems, often for processing or storing data.
• Any change to a system's firmware, hardware, or software without the consent of the system's owner.
• Data breaches, which can be accidental as well as malicious. For instance, an email containing private or personal details that is forwarded to the wrong recipient by accident is also a data breach.
SPEED OF RESPONSE
“It is important – underlines Eleanor Barlow, Content Manager of SecurityHQ – to act quickly once you suspect a data breach or security incident. The faster a breach is detected, the faster the response, the greater the chance systems and processes can be put in place to mitigate the consequences of the attack, or at least future attacks, and limit the cost and damage involved.
Response not only depends on the speed of response from your analysts and SOC team, but also internally. Internal threats are a great risk, which is why employees must be trained on what to look for, so that they can spot a breach when it occurs”.
LEGAL OBLIGATION AND COMPLIANCE
“It is against the law – says Barlow – to knowingly withhold knowledge of a data breach and/or security incident. If you have been attacked, you are legally obligated to report this attack as soon as possible.
Severe fines may be given if there is a failure to report said breach in rapid time. Severity of said fines will depend on the location, the number of people affected, the number of companies involved (for instance in a supply chain attack), and the level of the breach regarding the level of private and personal information divulged and the nature of the compromised material.
This is why you need to understand your security posture and, with that, a high-level compliance is necessary. A comprehensive response plan can ease costs in the event of an attack. ISO/IEC 27001 is a family of standards and best practices set out by the International Organisation for Standardisation (ISO), and the International Electrotechnical Commission (IEC). The Information Security Management System (ISMS) provides a control framework to protect critical information assets of an organisation. This combines management controls, technical controls, procedural controls & personnel controls. The controls help in implementing preventive, detective, maintenance, and monitoring measures.
Compliance with ISO/IEC 27001 is an easy and efficient way to conform with regulations regarding data protection, information security & cyber security, particularly with regard to handling financial, personal, and client-sensitive information”, she concludes.
by the Editorial Staff