Expert Advice Community

Normal incident vs information security incident

Guest user Created:   Aug 05, 2016 Last commented:   Aug 05, 2016

Want to discuss the ISO 27X definition of a security incident... how can I do that? But about the ISO definition of an "information security incident"... in day-to-day operation, it can be very difficult to distinguish between a "normal" incident and an information security incident. I cannot see how the ISO definition can help... it seems, at first, a bit vague... Taken at face value, you can start classifying ALL incidents as security incidents... But the definition according to 27000 is: "An information security incident is made up of one or more unwanted or unexpected information security events that could possibly compromise the security of information and weaken or impair business operations."
Antonio Jose Segovia Aug 05, 2016

Answer:
The main difference between a normal incident and an information security incident is that the second is related to information security and can affect the confidentiality, integrity and availability of information. So, for example, a virus can be an information security incident (because, for example, information can be disclosed), and a normal incident can be that the printer is failing (it is not related to information security).

Many companies define in their information security incident management procedure what an information security incident is (virus, access problem to information, etc.). So, this can be a good recommendation for you.

This article can be interesting for you: “How to handle incidents according to ISO 27001 A.16”: https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/

And also this one: “How a change in thinking can stop 59% of security incidents”: https://advisera.com/27001academy/blog/2015/02/16/change-thinking-can-stop-59-security-incidents/

And finally, our online course can also be interesting for you, because we give more information about information security incidents: “ISO 27001:2013 Foundations Course”: https://training.advisera.com/course/iso-27001-foundations-course/