Expert Advice Community

Guest

My question on security incident

  Quote
Guest
Guest user Created:   Nov 19, 2020 Last commented:   Nov 19, 2020

My question on security incident

Hello Dejan,

I believe you are the most knowledgeable and good trainer on Information security.


One question is haunting me and I thought, who would be better than you to answer this question.


Is scamming bank account holder over telephone, successfully or unsuccessfully, considered as a security incident by bank. Is this incidence recorded in banks incident register?


If not, why not?


Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.

0 0

Assign topic to the user

Assign

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Nov 19, 2020

1 - Is scamming bank account holder over telephone, successfully or unsuccessfully, considered as a security incident by bank. Is this incidence recorded in banks incident register?

If not, why not?

Answer:  First is important to note that an incident refers to a situation that leads to a negative impact, so unsuccessful scamming should be not considered an incident (it is at most a security event, i.e., a situation that may draw attention from information security, in case it occurs too often).
 
Now, regarding a successful scamming, you must check the results of risk assessment, and applicable legal requirements, to identify if such incident should be recorded, either because they are related to relevant risks, or because legal requirements (e.g., laws, regulations, or contracts) demands the record of such incident (ISO 27001 does not have a mandatory requirment for incidents to be recorded).

Please note that in some countries, this kind of incident may be related to a lack of awareness activities from banks toward their customers, and this can make banks accountable at a certain level.  

2 - Do you have any webinar on third party vendor audits? I am interested in this even if it is a paid activity.

Answer: Unfortunately, we do not have such type of webinar, but this article can provide useful information:
- How to perform an ISO 27001 second-party audit of an outsourced supplier https://advisera.com/27001academy/blog/2017/10/10/how-to-perform-an-iso-27001-second-party-audit-of-an-outsourced-supplier/

 

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Nov 18, 2020

Nov 18, 2020