Annex A control 16 - IS incident management - by Software development company in india

iFour ConsultancyAnnexure A Control: 16 Information security incident management

Custom software company India http://www.ifourtechnolab.com1

A16.1 Management of IS incidents & improvementsObjective: To ensure a consistent & effective approach to the management of IS incidents, includingCommunication on security eventsWeaknessesIncident management life cycle

Software solution company in Indiahttp://www.ifourtechnolab.com

Custom software company India http://www.ifourtechnolab.com

2

A 16.1.1 Responsibilities and procedures ISO for Software Outsourcing Companies in India

Control: Management responsibilities and procedures shall be established to ensure a quick effective and orderly response to information security incidents.Preparation involves identification of resources needed for incident handling and having trained individuals ready to respond, and by developing and communicating a formal detection and reporting process.Incident responders should preserve digital evidence relating to computer crimes, which provides the foundation for conclusions and decisions relating to an incident.Configure systems with evidence preservation in mindPurchase the necessary equipment, and train at least one individual to handle the incidents and use tools for recovering and examining data.



3

A16.1.2 Reporting information security events ISO for Software Outsourcing Companies in IndiaControl: Information security events shall be reported through appropriate management channels as quickly as possible.Detection and Reporting are the important phases in information security incident handling.All members of the community should be trained for:Procedures for reporting failures, weaknesses, and suspected incidentsHow to escalate reporting appropriatelyThe process should provide clear ways for users to communicate events (e.g., in the form of the organizations Intranet, a phone line, etc.).


Custom software company India http://www.ifourtechnolab.com/

4

Control: Employees and contractors using the organizations information systems and services shall be required to note and report any observed or suspected information security weaknesses in systems or services.An effective approach is to use analysis tools to help manage intrusion detection systems and summarize the data.Both these types of intrusion detection systems should be used:HIDS Host intrusion detection systemNIDS Network intrusion detection systemCommunicating security alerts through an interface that system administrators use to monitor: StatusPerformance of their systems increases the likelihood that they will notice problems quickly.

A 16.1.3 Reporting information security weaknesses ISO for Software Outsourcing Companies in India



5

A 16.1.4 Assessment of and decision on IS eventsControl: Information security events shall be assessed and it shall be decided if they are to be classified as information security incidents.Identification and prioritization of incident stage involves timely assessment of the situation which can classified into simple steps:Determine the scope/impact.Assess the severityAssess the urgency of eventIn the containment stage assessment of the following needs to be done:Does the system need to be removed from the network? Are there user accounts or system-level accounts that need to be disabled or changed?ISO for Software Outsourcing Companies in India



6

A 16.1.5 Response to IS incidentsControl: Information security incidents shall be responded to in accordance with the documented procedures.Eradication of the problem, and associated changes to the system need to be applied. This includes technical actions such as Operating system and application software installedNew or changed firewall rulesCustom configurations applied Databases createdBackup data restored Accounts created and access controls applied



7

Control: Knowledge gained from analyzing and resolving information security incidents shall be used to reduce the likelihood or impact of future incidents.To learn from incidents and improve the response process, incidents must be recorded and a Post Incident Review must be conducted. The following details must be retained: Types of incidentsVolumes of incidents and malfunctions Costs incurred during the incidentsIncident Management Reporting is a clear source for providing continual improvement to the ISMS.

A 16.1.6 Learning from information security incidentsISO for Software Outsourcing Companies in India


8

Control: The organization shall define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.The collection of evidence for a potential investigation must be approached with care.Internal Audit must be contacted immediately for guidance and strict processes must be followed for the collection of forensic evidence.A 16.1.7 Collection of evidence



9

Referenceshttp://advisera.com/27001academy/blog/2015/11/10/using-itil-to-implement-iso-27001-incident-management/https://spaces.internet2.edu/display/2014infosecurityguide/Information+Security+Incident+Managementwww.ne-derbyshire.gov.uk/EasysiteWeb


Custom software company India http://www.ifourtechnolab.com10