Mar / 2022

Sustainable Governance

Information Security Incidents Management and Coping Strategies

When an information security incident occurs, we often do not know how to respond to it, and thus cannot contain the resulting losses in real time.

To minimize the impacts of an information security incident, we at CTCI have established an information security incident management procedure that serves as a guiding principle when such an incident occurs.

Report an Information Security Event

When colleagues or vendors detect abnormal behavior in information equipment or systems, or suspect data leakage, they are required to immediately notify the server room, the management staff and Help Desk in order to identify the severity of the incident. The Help Desk will record the incident and ensure the timeliness of treatment.

Impact Level of the Event

In CTCI’s information security incident management procedure, we have categorized the impact level of the incident with quantitative indicators into three levels, “confidentiality,” “integrity,” and “availability.” We will also identify the level of impact from light to severe and devote resources to take necessary actions.

Information Security Management Strategies

Information security incidents often catch us unprepared. If we fail to develop a complete response plan, we will be at a loss when an information security incident strikes. Therefore, we at CTCI have established a mechanism for information security incident prevention, response and post-event recovery, so that when such incidents occur, we can quickly respond to them.

1. Prevention
Develop a prevention and recovery plan and protective measures for hardware and software system facilities and the environment, and ensure personnel training is enforced.

2. Incident Response
In the event of an attack, an emergency response plan will be activated immediately to minimize the damage caused by the incident.

3. Recovery Operations
Review the existing protective measures, implement recovery operations, and correct existing security mechanisms and relevant contingency plans in a timely manner.

Review and Lessons Learned of Information Security Incidents

An Information Security Incidents Report should be reviewed regularly. Without disclosing personal privacy and confidential business information, the competent authority shall collect crucial information and write a case study of lessons learned from the incident, including root causes, sequence of the incident, management processes, precautions, and improvement suggestions. 

The case study of lessons learned will be used for security policy advocacy via websites, emails, or education training programs. Colleagues may learn more about the security incidents from the case study.

Conclusion

Information security protection is not an easy task that can be performed successfully on the first try. In order to respond to and control the damage caused by incidents, a comprehensive security protection plan combined with skilled emergency response procedures is the key.

In addition to responding to the incident immediately, it is necessary to review the cause of the incident and enhance the information security plan and response procedures to reduce the risk of future incidents. By performing the “plan,” “do,” “check,” and “act” method, we can effectively enhance information security.

**Photo credit: Pixabay