Designation of an incident management team

Critical
High
Normal
Low

The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

Connected other frameworks and requirements:
16.1.3: Reporting information security weaknesses
ISO 27001
16.1.2: Reporting information security events
ISO 27001
ID.RA-3: Threat identification
NIST CSF
RS.CO-1: Personnel roles
NIST CSF
5.25: Assessment and decision on information security events
ISO 27001

Personnel guidelines for reporting security incidents

Critical
High
Normal
Low

A process for reporting incidents is maintained to help staff report incidents efficiently and consistently.

Things to report as an incident include e.g.:

  • unauthorized access to data / premises
  • action against security guidelines
  • suspected security issue (e.g. phishing, malware infection)
  • data system outage
  • accidental or intentional destruction / alteration of data
  • lost or stolen device
  • compromised password
  • lost physical identifier (e.g. keychain, smart card, smart sticker)
  • suspected security weakness (e.g. on utilized data system or other procedures)

The personnel guidelines emphasize the obligation to report security incidents as soon as possible in accordance with the agreed process. The instructions also describe other operations in the event of an incident (e.g. recording seen error messages and other details).

Connected other frameworks and requirements:
T06: Turvallisuuspoikkeamien hallinta
24. Responsibility of the controller
GDPR
16.1.3: Reporting information security weaknesses
ISO 27001
16.1.2: Reporting information security events
ISO 27001
ID.RA-3: Threat identification
NIST CSF
No items found.