
Annex A control 16 - IS incident management - by Software development company in india

This presentation focuses on the annexure controls of the ISO 27001:2013 standard. Annexure control A16 relates to 'Information Security Incident Management'. - by Software development company in India http://www.ifourtechnolab.com/


  1. iFour Consultancy. Annexure A Control: 16 – Information security incident management
  2. A16.1 Management of IS incidents & improvements
     • Objective: To ensure a consistent & effective approach to the management of IS incidents, including:
       • Communication on security events
       • Weaknesses
     • Incident management life cycle
     Software solution company in India http://www.ifourtechnolab.com
  3. A 16.1.1 Responsibilities and procedures
     • Control: Management responsibilities and procedures shall be established to ensure a quick, effective and orderly response to information security incidents.
     • Preparation involves identification of resources needed for incident handling and having trained individuals ready to respond, and developing and communicating a formal detection and reporting process.
     • Incident responders should preserve digital evidence relating to computer crimes, which provides the foundation for conclusions and decisions relating to an incident. Configure systems with evidence preservation in mind.
     • Purchase the necessary equipment, and train at least one individual to handle the incidents and use tools for recovering and examining data.
     ISO for Software Outsourcing Companies in India
  4. A16.1.2 Reporting information security events
     • Control: Information security events shall be reported through appropriate management channels as quickly as possible.
     • Detection and Reporting are the important phases in information security incident handling.
     • All members of the community should be trained for:
       • Procedures for reporting failures, weaknesses, and suspected incidents
       • How to escalate reporting appropriately
     • The process should provide clear ways for users to communicate events (e.g., in the form of the organization’s Intranet, a phone line, etc.).
  5. A 16.1.3 Reporting information security weaknesses
     • Control: Employees and contractors using the organization’s information systems and services shall be required to note and report any observed or suspected information security weaknesses in systems or services.
     • An effective approach is to use analysis tools to help manage intrusion detection systems and summarize the data.
     • Both these types of intrusion detection systems should be used:
       • HIDS – Host intrusion detection system
       • NIDS – Network intrusion detection system
     • Communicating security alerts through an interface that system administrators use to monitor the status and performance of their systems increases the likelihood that they will notice problems quickly.
  6. A 16.1.4 Assessment of and decision on IS events
     • Control: Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.
     • The identification and prioritization stage of an incident involves timely assessment of the situation, which can be classified into simple steps:
       • Determine the scope/impact
       • Assess the severity
       • Assess the urgency of the event
     • In the containment stage, assessment of the following needs to be done:
       • Does the system need to be removed from the network?
       • Are there user accounts or system-level accounts that need to be disabled or changed?
  7. A 16.1.5 Response to IS incidents
     • Control: Information security incidents shall be responded to in accordance with the documented procedures.
     • Eradication of the problem, and associated changes to the system need to be applied. This includes technical actions such as:
       • Operating system and application software installed
       • New or changed firewall rules
       • Custom configurations applied
       • Databases created
       • Backup data restored
       • Accounts created and access controls applied
  8. A 16.1.6 Learning from information security incidents
     • Control: Knowledge gained from analyzing and resolving information security incidents shall be used to reduce the likelihood or impact of future incidents.
     • To learn from incidents and improve the response process, incidents must be recorded and a Post Incident Review must be conducted. The following details must be retained:
       • Types of incidents
       • Volumes of incidents and malfunctions
       • Costs incurred during the incidents
     • Incident Management Reporting is a clear source for providing continual improvement to the ISMS.
  9. A 16.1.7 Collection of evidence
     • Control: The organization shall define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.
     • The collection of evidence for a potential investigation must be approached with care.
     • Internal Audit must be contacted immediately for guidance and strict processes must be followed for the collection of forensic evidence.