Managing information security incidents
Assign topic to the user
Answer:
First it is important to note that if an information security occurrence has no impact on business n or in information security it is an information security event, not an information security incident.
This slightly difference makes a big difference on how to approach the situation, because handling events requires less effort than treating incidents.
In your situation, you must consider historical data (e.g., previous incidents) or market data (industry reports) to validate your idea that 3-4 events per day is a too high value of irregular email that your anti-spam does not block, leading to a greater risk of malware infection or data loss.
In case this quantity of events is in fact too high, then you must consider reviewing the rules of your anti-spam filter, or raise the awareness of your personnel. If not you can keep only recording and monitoring these events to see if they increase or not.
For raising awareness of your personnel I suggest you to take a look at our Security Awareness Training at this link: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.
Comment as guest or Sign in
Jul 11, 2019