
Expert Advice Community

Managing information security incidents

Guest user | Created: Jul 11, 2019 | Last commented: Jul 11, 2019

I have a problem with a high number of information security incidents. I work in a public organization employing more than 800 people. Every day some phishing emails are delivered to their mailboxes, and some of our employees report such events to me. However, I have some doubts concerning the correct identification of these events. I am not sure whether my interpretation complies with ISO 27001. I treat all these phishing emails as information security incidents with low priority, even if the particular employees do not open the attachments or links in these emails or do not respond to their senders (no malware infection or loss of confidential data). I do it this way because I believe that the fact that a phishing email was successfully delivered and not blocked by the anti-spam filters poses a serious risk of a data breach or malware infection, due to the poor information security awareness shown by our employees. The problem is that I have 3-4 incidents per day.

Expert: Rhand Leal, Jul 11, 2019

Answer:

First, it is important to note that if an information security occurrence has no impact on the business or on information security, it is an information security event, not an information security incident.

This slight difference makes a big difference in how to approach the situation, because handling events requires less effort than treating incidents.

In your situation, you must consider historical data (e.g., previous incidents) or market data (industry reports) to validate your idea that 3-4 events per day is too high a volume of irregular email that your anti-spam does not block, leading to a greater risk of malware infection or data loss.

In case this quantity of events is in fact too high, then you must consider reviewing the rules of your anti-spam filter, or raising the awareness of your personnel. If not, you can keep only recording and monitoring these events to see whether they increase or not.

For raising the awareness of your personnel, I suggest you take a look at our Security Awareness Training at this link: https://advisera.com/training/awareness-session/security-awareness-training/ - this is a series of 25 videos that cover various topics related to security.

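The event-versus-incident rule and the baseline comparison described in the answer above, as an added Python example that is not part of the original thread or of Advisera's material; the report fields, the 1.5x threshold and the sample data are assumptions:

```python
# Added example: triage of user-reported phishing emails into ISO 27001 "events"
# (no impact: record and monitor) vs "incidents" (impact: treat with a priority),
# plus a check of today's event count against a historical daily baseline.
# Field names, the 1.5x factor and all sample values are constructed assumptions.
from collections import Counter
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional, Tuple


@dataclass
class PhishReport:
    reported_on: date                      # day the employee reported the email
    attachment_opened: bool = False
    link_clicked: bool = False
    replied_or_credentials_given: bool = False
    malware_detected: bool = False


def classify(r: PhishReport) -> Tuple[str, Optional[str]]:
    """Return (category, priority) following the answer's rule:
    no observable impact -> event; any interaction or infection -> incident."""
    if not (r.attachment_opened or r.link_clicked
            or r.replied_or_credentials_given or r.malware_detected):
        return ("event", None)
    if r.malware_detected or r.replied_or_credentials_given:
        return ("incident", "high")        # confirmed compromise or data disclosure
    return ("incident", "medium")          # link/attachment touched, impact unconfirmed


def daily_event_counts(reports) -> Counter:
    """Count delivered-but-harmless phishing emails (events) per reporting day."""
    return Counter(r.reported_on for r in reports if classify(r)[0] == "event")


def rate_exceeds_baseline(today: int, baseline_counts, factor: float = 1.5) -> bool:
    """True when today's event count exceeds factor x the historical daily mean.
    The factor is an assumption; replace it with your own or industry data."""
    if not baseline_counts:
        return False                       # no history yet: nothing to compare against
    return today > factor * mean(baseline_counts)


# Constructed sample: three ignored phish and one clicked link on 2019-07-11,
# one credential disclosure the day before, and ten days of historical counts.
SAMPLE = [
    PhishReport(date(2019, 7, 11)),
    PhishReport(date(2019, 7, 11)),
    PhishReport(date(2019, 7, 11)),
    PhishReport(date(2019, 7, 11), link_clicked=True),
    PhishReport(date(2019, 7, 10), replied_or_credentials_given=True),
]
BASELINE_DAILY_EVENTS = [1, 2, 1, 3, 2, 1, 2, 2, 1, 2]   # constructed register data

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.reported_on, classify(r))
    today = daily_event_counts(SAMPLE)[date(2019, 7, 11)]
    print("events today:", today, "above baseline:",
          rate_exceeds_baseline(today, BASELINE_DAILY_EVENTS))
```

Only the reports that return "incident" need the full incident-handling procedure; the "event" rows feed the trend the answer recommends monitoring.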
