Computer security and data privacy are often given little consideration until an incident occurs, and unfortunately even then the seriousness of the event, perceived as something merely "virtual", is sometimes not adequately understood. An injection of digital culture is needed to raise awareness of the cyber threat in all its forms.
While the ISO/IEC 27035 standard covers system and network security incidents, it can also apply to incidents involving other forms of information such as documents, intellectual property, and personal and business information. In this regard, the NIS Directive (EU) 2016/1148 and the GDPR Regulation (EU) 2016/679 both define, in a complementary way, the correct protocol to be followed in the management of information.
It’s not possible to guarantee only security without having privacy or only privacy without guaranteeing security.
It’s not acceptable that a computer attack on the security of an information system could also lead to a breach of sensitive data.
Computer incidents commonly involve the exploitation of unknown (or poorly managed) vulnerabilities, and in some cases they are due to careless handling of digital information in its various forms. Adequate management of vulnerabilities and custody of information must therefore be the main objectives pursued through preventive and, where necessary, corrective actions.
The Computer Security Incident Response Team
RFC 2350 sets out the expectations for the establishment of a CSIRT (Computer Security Incident Response Team), the team that performs, coordinates and supports the management of security incidents. The CSIRT must offer support through awareness, prevention and coordination of the response to computer incidents, with the following main objectives:
Once reports of incidents or threats have been received, the CSIRT evaluates their possible impact and informs stakeholders and, if necessary, coordinates them until the incident is resolved.
The CSIRT must disseminate the information necessary to counter the incident and restore normal operation as quickly as possible, in cooperation with the community involved. It must act primarily as an information gathering center, promptly distributing what it collects within its community to facilitate the resolution of the incident.
CSIRT – The Coordination
The coordination of the incident is managed through the following actions:
CSIRT – Services
The CSIRT must offer its community, which can be a company, an organization or an entire country, both proactive and reactive services:
Proactive:
Reactive:
The process of managing a computer incident
The ISO/IEC 27035 standard also outlines the basic rules of the process of managing a computer incident (security/privacy) and provides steps that can be summarized as follows:
1. The Incident Management Preparation phase;
2. The Identification and Assessment phase to understand the extent and impact of the incident through monitoring and reporting;
3. The Incident Response phase by containing, removing and attempting to resolve the problem or at least mitigate its consequences;
4. The Learning phase to learn lessons for the future.
Considerations
Data protection and IT security are issues that must involve the entire organization. Incident management must be understood as a process of continuous improvement ensuring:
About the author: Salvatore Lombardo
IT officer, ICT expert, Clusit member