Digital security overview
23: Incident and non-conformity management process

How to fill the requirement


Treatment process and documentation of occurred security incidents
Theme: Incident management
Policy: Incident management and response
Other requirements: 41

This task also fulfils the following other security requirements:

  • T06: Security incident management (Katakri)
  • 32. Security of processing (GDPR)
  • 12. Transparent information, communication and modalities for the exercise of the rights of the data subject (GDPR)
  • 16.1.5: Response to information security incidents (ISO27 Full)
  • 6.4: Procedures in error and problem situations (Self-monitoring)
1. Task description

All security incidents are addressed in a consistent manner to improve security based on what has happened.

In the incident treatment process:

  • the reported incident is confirmed (or found unnecessary to record)
  • the type and cause of the incident are documented
  • the risks associated with the incident are documented
  • the risks are re-evaluated and treated if that is necessary after the incident
  • risk mitigation measures, or a decision to accept the risks, are documented
  • people who need to be informed of the results of the incident treatment are identified (including external ones)
  • possible need for a post-incident analysis is determined
Designation of an incident management team
Theme: Incident management
Policy: Incident management and response
Other requirements: 24

This task also fulfils the following other security requirements:

  • 16.1.3: Reporting information security weaknesses (ISO27 Full)
  • 16.1.2: Reporting information security events (ISO27 Full)
  • ID.RA-3: Threat identification (NIST)
  • RS.CO-1: Personnel roles (NIST)
  • 5.25: Assessment and decision on information security events (ISO27k1 Full)
1. Task description

The organization shall ensure that clearly designated persons are assigned to incident management responsibilities, e.g. handling the first response to incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

Regular analysis and utilization of information related to information security threats
Theme: Development and cloud
Policy: Technical vulnerability management
Other requirements: 9

This task also fulfils the following other security requirements:

  • 5.7: Threat intelligence (ISO27k1 Full)
  • 23: Incident and non-conformity management process (Sec overview)
  • THREAT-2: Respond to Threats and Share Threat Information (C2M2: MIL1)
  • Article 13: Learning and evolving (DORA)
1. Task description

The organization carries out threat intelligence by analyzing and utilizing collected information about relevant cyber security threats and the corresponding protections.

When analyzing and utilizing the collected threat intelligence information, the following points must be taken into account:

  • analyzing how the threat intelligence information relates to our own operations
  • analyzing how relevant threat intelligence information is to our operations
  • communicating and sharing information in an understandable form to relevant persons
  • utilizing the findings of threat intelligence to assess the adequacy of the technical protections, the technologies used and the information security testing methods used for analysis
Treatment process and documentation of identified non-conformities
Theme: Risk management and leadership
Policy: Risk management
Other requirements: 11

This task also fulfils the following other security requirements:

  • 10.2: Non-conformity and corrective action (ISO27k1 Full)
  • 23: Incident and non-conformity management process (Sec overview)
  • CC4.2: Evaluation and communication of internal control deficiencies (SOC 2)
  • 21.4: Non-conformities and corrective actions (NIS2)
  • P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

From the point of view of the information security management system, non-conformities are situations in which:

  • the organisation's security requirements are not matched by the management system
  • the procedures, tasks or guidelines defined in the management system are not complied with in the organisation's day-to-day operations

In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.

The first level response process to security incidents
Theme: Incident management
Policy: Incident management and response
Other requirements: 29

This task also fulfils the following other security requirements:

  • 16.1.4: Assessment of and decision on information security events (ISO27 Full)
  • 6.4: Procedures in error and problem situations (Self-monitoring)
  • DE.AE-4: Impact of events (NIST)
  • RS.RP: Response Planning (NIST)
  • RS.RP-1: Incident response plan (NIST)
1. Task description

The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.

The first level response process includes at least:

  • effectively seeking to confirm the identified incident
  • deciding on the need for immediate response