How to manage and report a security incident

By Eleanor Barlow, Content Manager at SecurityHQ

What is a security incident?

The United Kingdom’s National Cyber Security Centre (NCSC) defines a cyber incident as “A breach of a system’s security policy in order to affect its [the victim's] integrity or availability and/or the unauthorised access or attempted access to a system or systems”.

This means that any attempt to gain unauthorised access to a system, or to gain unauthorised access to data, is a security incident. This includes:

- Malicious disruption and/or denial of service is classified as a security incident.

- The unauthorised use of systems, often for the processing or storing of data, is also a security incident.

- Any change to a system's firmware, hardware or software without the consent of the owner of that system is a data breach.

- Data breaches can be accidental as well as malicious. For instance, an email containing private or personal details that is accidentally forwarded to the wrong recipient is also a data breach.

Speed of response to a security incident

It is important to act quickly once you suspect a data breach or security incident. The faster a breach is detected and responded to, the greater the chance that systems and processes can be put in place to mitigate the consequences of the attack, or at least of future attacks, and to limit the cost and damage involved.

Response depends not only on the speed of your analysts and SOC team, but also on your internal staff. Internal threats are a great risk, which is why employees must be trained on what to look for, so that they can spot a breach when it occurs.

Legal obligation and compliance for a security incident

It is against the law to knowingly withhold knowledge of a data breach and/or security incident. If you have been attacked, you are legally obligated to report the attack as soon as possible.

Severe fines may be imposed for failing to report such a breach promptly. The severity of those fines will depend on the location, the number of people affected, the number of companies involved (for instance in a supply chain attack), and the level of the breach: how much private and personal information was divulged and the nature of the compromised material.

This is why you need to understand your security posture, and with that, a high level of compliance is necessary. A comprehensive response plan can ease the costs of an attack. ISO/IEC 27001 is a family of standards and best practices set out by the International Organisation for Standardisation (ISO) and the International Electrotechnical Commission (IEC). The Information Security Management System (ISMS) provides a control framework to protect the critical information assets of an organisation. It combines management controls, technical controls, procedural controls and personnel controls. These controls help in implementing preventive, detective, maintenance and monitoring measures.

Compliance with ISO/IEC 27001 is an easy and efficient way to conform with regulations regarding data protection, information security and cyber security, particularly where the handling of financial, personal and client-sensitive information is concerned.