Information Security Incidents

According to ISO/IEC 27001, information security incidents are defined as:

"A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security"

Information security incidents should be monitored and recorded in order to eliminate them. This includes recording:

  • The detection of the incident
  • The cause of the incident
  • Procedures used to ensure that the problem has been eradicated
  • Collection of evidence (if needed for future lawsuits)

The next step is to figure out a way of preventing the incident from recurring. This step includes:

  • Actions needed to prevent recurrence
  • Estimated cost

The results of this step should be presented to management in order to determine whether the preventive actions should be taken.
