ISACA’s CISM Domain 4 Information Security Incident Management
CISM Domains
Information Security Governance
Information Risk Management
Information Security Program Development and Management
Information Security Incident Management
Let’s talk about the fourth domain of ISACA’s CISM, Information Security Incident Management.
Before we jump into incident management, let's first define what a security incident is and look at the common causes of incidents. Then we'll discuss the Security Incident Management process and its best practices. This post is meant to help you understand Security Incident Management as it is framed in Domain 4.
Security Incident
An information security incident is a successful, attempted, or imminent unauthorised access to, breach, destruction, modification, or disclosure of information.
Put simply, an incident is any situation that compromises the confidentiality, integrity, or availability of information assets; an incident does not have to affect all three.
What are the causes of security incidents?
There are many reasons security incidents can occur. Here are some of the most common:
Social engineering: Instead of attacking a system directly, the attacker manipulates a person who already has access. A convincing email can get a user to open a malicious attachment or enter credentials on a look-alike login page, and shoulder surfing (standing near the target while they type a password) works just as well in a public place. Many incidents begin this way, which is why care with links in email and with entering passwords in public matters.
Excessive permissions: When accounts carry more access than their role requires, an attacker who compromises one account (or an insider who misuses one) inherits all of it. Limiting each user and service to the access it actually needs keeps a single compromised account from becoming a full breach.
Malware: Malware is software installed without the user's consent that lets an attacker control a system and use it as a foothold to reach connected systems.
Malware commonly spreads through drive-by downloads from compromised or look-alike websites and through attachments or links in email from unknown senders.
Insider threats: "Keep your friends close and your enemies closer" applies here. Rogue employees, disgruntled contractors, or simply careless staff already have legitimate access, so the controls that keep outsiders out do nothing to stop them from stealing, altering, or copying data. Know who has access to what, monitor for misuse, and act quickly when something looks wrong.
Let’s now examine the definition of Security Incident Management.
Security Incident Management is the process of identifying, recording, analysing, and responding to security events and incidents as they occur. It produces a clear account of what was exploited, what was affected, and how the weakness is to be closed. Security incidents include an active threat, an attempted intrusion, a successful penetration, and a data loss.
Information Security Incident Management process
Organizations must adopt strategies that enable them to identify, respond to, and mitigate cyber incidents, and that leave them more resilient against future attacks.
Security incidents are managed with a combination of software systems, appliances, and human investigators. Once an incident is detected it is escalated to the incident response team, which investigates, assesses the damage done, contains the threat, and prepares a mitigation plan.
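The passage above describes identifying, recording, and responding to incidents in real time. The following is an added example, not code from ISACA or from the original post, showing one concrete instance of that process: detection logic run over a handful of constructed SSH authentication log lines (the log format, hostnames, usernames, and IP addresses are invented) that opens an incident record when a burst of failed logins is followed by a success, and an incident record whose status can only move through a fixed lifecycle. The five-failure threshold and sixty-second window are assumptions chosen for the example.

```python
"""Added example: detect a suspected credential compromise in constructed auth
log lines and document it as an incident record with a controlled lifecycle."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample log lines (invented format, users and addresses).
SAMPLE_LOG = """\
2024-03-04T09:00:01Z auth sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:03Z auth sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:05Z auth sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:07Z auth sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:09Z auth sshd: Failed password for alice from 203.0.113.7
2024-03-04T09:00:12Z auth sshd: Accepted password for alice from 203.0.113.7
2024-03-04T09:05:00Z auth sshd: Accepted password for bob from 198.51.100.20
2024-03-04T09:06:30Z auth sshd: Failed password for bob from 198.51.100.20
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)

# Assumed detection parameters: N failures inside the window, then a success.
FAILURE_THRESHOLD = 5
WINDOW_SECONDS = 60

# Allowed status transitions; anything else is rejected so the record
# cannot skip triage or be reopened silently.
ALLOWED_TRANSITIONS = {
    "new": {"triaged"},
    "triaged": {"contained"},
    "contained": {"resolved"},
    "resolved": set(),
}


@dataclass
class Incident:
    """Documented record of one security incident."""
    category: str
    user: str
    source: str
    detected_at: datetime
    impact: set  # which of confidentiality / integrity / availability is affected
    status: str = "new"
    timeline: list = field(default_factory=list)

    def advance(self, new_status: str, note: str) -> None:
        """Move the incident along its lifecycle, recording who did what."""
        if new_status not in ALLOWED_TRANSITIONS[self.status]:
            raise ValueError(f"cannot go from {self.status} to {new_status}")
        self.timeline.append(f"{self.status} -> {new_status}: {note}")
        self.status = new_status


def detect_credential_compromise(log_text: str) -> list:
    """Return an Incident for every (user, source) pair whose successful
    login follows FAILURE_THRESHOLD or more failures within WINDOW_SECONDS."""
    failures = defaultdict(list)  # (user, source) -> timestamps of failures
    incidents = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated log line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        key = (m["user"], m["src"])
        if m["result"] == "Failed":
            failures[key].append(ts)
            continue
        # A success: count only the failures that fall inside the window.
        recent = [t for t in failures[key] if (ts - t).total_seconds() <= WINDOW_SECONDS]
        if len(recent) >= FAILURE_THRESHOLD:
            incidents.append(Incident(
                category="suspected credential compromise",
                user=m["user"],
                source=m["src"],
                detected_at=ts,
                impact={"confidentiality"},
            ))
        failures[key] = []  # a success resets the counter for this pair
    return incidents


if __name__ == "__main__":
    for inc in detect_credential_compromise(SAMPLE_LOG):
        inc.advance("triaged", "IR analyst confirmed burst of failures then success")
        inc.advance("contained", "account locked, session from source terminated")
        print(inc.category, inc.user, inc.source, inc.detected_at, inc.status)
        for entry in inc.timeline:
            print("  ", entry)
```

Only the alice login produces a record: bob's single failure after a success never reaches the threshold. The lifecycle check is deliberately strict because an incident record that can jump from "new" to "resolved" without a triage and containment entry is exactly the kind of undocumented handling the process is meant to prevent.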