How to Report an Information Security Incident?

What is a Security Incident?

A security incident is any attempted or actual unauthorized access, use, disclosure, modification, or destruction of information. This includes interference with information technology operation and violation of the organization’s policy, laws or regulations.

Examples of security incidents include:

  • Computer system breach
  • Unauthorized access to, or use of, systems, software, or data
  • Unauthorized changes to systems, software, or data
  • Loss or theft of equipment storing institutional data
  • Denial of service attack
  • Interference with the intended use of IT resources
  • Compromised user accounts

It is important that actual or suspected security incidents are reported as early as possible so that the organization can limit the damage and cost of recovery. Include specific details regarding the system breach, vulnerability, or compromise of your computer, and we will respond with a plan for further containment and mitigation.

How to report a security incident

email: it@cfsfin.com

phone: 234-909-032-9828

Important: If the incident poses any immediate danger, contact the Incident Response Team immediately via unitsheads@cfsfin.com

Information to include in the report:

  • Your name
  • Department
  • Email address
  • Telephone number
  • Description of the information security problem
  • Date and time the problem was first noticed (if possible)
  • Any other known resources affected

To report an information security incident, follow these steps:

  1. Identify the incident: Determine if the situation qualifies as an information security incident. This can include unauthorized access to systems or data, malware infections, data breaches, network attacks, or any other security-related event.

  2. Contain the incident: Take immediate action to contain the incident and prevent further damage. This can involve isolating affected systems, disconnecting from the network, or disabling compromised accounts.

  3. Document the incident: Gather as much information as possible about the incident. Note the date, time, and location of the incident, as well as the systems, devices, or individuals involved. Document any suspicious or unusual activities leading up to the incident.

  4. Notify the appropriate authority: Report the incident to your organization’s designated reporting authority. This can be your IT department, security team, or incident response team. If your organization has specific incident reporting and response procedures, follow those guidelines.

  5. Follow incident response procedures: If your organization has established incident response procedures, follow the steps outlined in those protocols. This may include preserving evidence, conducting a forensic investigation, or engaging external security consultants.

  6. Inform affected parties: If the incident involves a breach of personal data or could potentially impact individuals or organizations outside your organization, consider notifying those affected. Depending on the regulations and laws in your country, you may be required to inform individuals of any breach involving their personal information.

  7. Learn from the incident: After the incident is resolved, conduct a post-incident analysis to identify any lessons learned and areas for improvement in your organization’s security practices. Use this information to enhance your security measures and prevent similar incidents in the future.

Remember, the specific reporting procedures and contacts may vary depending on the organization, so it is essential to follow your organization’s policies and guidelines when reporting an information security incident.

CFS ISMS MANAGER

BACKUP POLICY – ISMS TIPS – Week 2

Backup policy definition

A backup policy is a crucial component of an organization’s comprehensive backup strategy. Common backup policies identify critical data and systems to be protected, clarify the frequency of both full and incremental backups, delineate backup administrator responsibilities, and provide details for retention, offsite rotation, restoration procedures, storage of backups, and more.

A well-crafted backup and restore policy is essential as it is frequently a business’s last line of defense against data loss from data corruption, hardware failure, or a security breach.

Benefits of a data backup policy

A backup retention policy helps guide user expectations and provides the broader context for the data restoration and backup process. There are several benefits to developing a strong backup and recovery policy document:

Clarity. A backup policy clarifies specific procedures, policies, and responsibilities, including a well-defined schedule for performing backups, ensuring a more stable process. It also identifies any superseding procedures or policies that already exist, such as contingency plans.

Control. A well-defined backup policy allows you to control what kind of backups are performed, how often data should be backed up, what software/hardware or cloud service should be used for performing backups, where backups are located, and who can access backups and how to contact them.

Accountability. The backup policy identifies primary and secondary contacts who are responsible for performing backups and provides their contact information. This piece of the data backup and recovery policy also identifies who is responsible for confirming that reliable backups are successfully performed, and sets forth how and when they will do this.

Reliability. Stronger backup policies are more likely to result in complete data restoration. They offer details on how to protect data, how to access backups, and how to train those responsible for performing backups. They also ensure multiple copies exist separate from the original data, and also make use of multiple forms of media with complementary strengths. Finally, the policy demands at least partial automation, further increasing reliability.

Key considerations for backup retention policies

Preserve essential data with a multi-pronged backup policy. Your backup policy should follow the 3-2-1 rule, creating at least three backup copies of all data in addition to the original file using two different backup media, with one copy in a remote location. This helps to ensure a full set of accessible backup data no matter what the circumstances leading to the need to recover data.

Storing at least one copy of backup data at a remote location is essential for disaster recovery, especially in the event of site-wide failures or geographical disasters. To protect against malware, remote backup data should be air-gapped (separated) from the original data set. Historically, third-party vendors could store backup tapes offsite for a fee, but remote disk and cloud storage can be used as well.

It is important to periodically check the integrity of your backup files. Do this by restoring several files from the backup to confirm that you can, that the backup itself is uncorrupted, and that the media is still accessible.
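The restore check described above, as an added example that is not part of the original page: it restores a random sample of files to a scratch directory and compares each one with a SHA-256 manifest recorded when the backup was taken. The tar.gz format, the manifest, and the names `make_backup`, `restore_test` and `demo` are assumptions made for illustration.

```python
import hashlib
import io
import random
import tarfile
import tempfile
from pathlib import Path


def make_backup(archive_path, files):
    """Write {name: bytes} to a tar.gz; return the SHA-256 manifest taken at backup time."""
    manifest = {}
    with tarfile.open(archive_path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
            manifest[name] = hashlib.sha256(data).hexdigest()
    return manifest


def restore_test(archive_path, manifest, sample_size=3, seed=None):
    """Restore a random sample to a scratch directory; compare with the manifest."""
    sample = random.Random(seed).sample(sorted(manifest), min(sample_size, len(manifest)))
    results = {}
    with tempfile.TemporaryDirectory() as scratch, tarfile.open(archive_path) as tar:
        for i, name in enumerate(sample):
            try:
                source = tar.extractfile(tar.getmember(name))
            except KeyError:
                results[name] = "missing"  # listed in the manifest, absent from the backup
                continue
            restored = Path(scratch, f"restored_{i}")  # fixed name: archive paths are untrusted
            restored.write_bytes(source.read())
            digest = hashlib.sha256(restored.read_bytes()).hexdigest()
            results[name] = "ok" if digest == manifest[name] else "mismatch"
    return results


def demo():
    """Constructed sample data: a good backup, and a copy with one altered and one lost file."""
    files = {"ledger.csv": b"1,100\n", "hr/staff.txt": b"alice\n", "config.ini": b"mode=prod\n"}
    with tempfile.TemporaryDirectory() as d:
        good, bad = Path(d, "good.tar.gz"), Path(d, "damaged.tar.gz")
        manifest = make_backup(good, files)
        make_backup(bad, {"ledger.csv": b"1,999\n", "config.ini": files["config.ini"]})
        return restore_test(good, manifest), restore_test(bad, manifest)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Keeping the manifest separate from the backup media means a damaged or tampered archive cannot also rewrite the hashes it is checked against.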

Your backups should also contain versioning data—older versions of your data, not just the current version of files that were backed up most recently. This is important in case of accidental file corruption or ransomware that may be hiding in current data backups.

Determine what data is essential to your organization and establish backup strategies tailored to each type of data. At a minimum, back up mission-critical data in real time, or at least daily. Back up less critical data at least once a week. Many businesses create exact mirrors of their systems annually, just to avoid the nightmare of having to start over again from scratch in case of a major failure.

Backup policy best practices

Follow these best practices to select an ideal backup solution that ensures your data remains recoverable and safe. The best backup policy solutions:

Include remote storage. Remote backups are a critical element in any backup solution. It is all but pointless to back up organizational data only to store it on the same disk as the original information. Off-server storage is a minimum requirement, with off-site backup storage being a better alternative. Should a central server become compromised during a disaster, off-site backups, whether on a cloud-based server or physical dedicated server, allow for complete data recovery—a key part of disaster recovery.

Take frequent, regular backups. Prevent critical data loss by creating a regular schedule of frequent backups. Obviously, the most critical data may demand a continuous backup solution, while daily backups or weekly backups may be enough for more static data.

Use automated backups. Avoid manual data backup solutions that rely on end users to back up their data. Your end user data backup policy should mandate a fully automatic backup solution. Manual data backup can easily be delayed and is a dull task—something that, in reality, never gets done.

Address retention span. After frequency, how long each backup should be kept is the next important question. Retaining every backup forever is neither desirable nor feasible, so any good data backup and storage policy and solution provides a series of retention schedules. This changing schedule will, for example, call for more frequent backups at first, such as hourly and daily backups for a week, and then pivot to less frequent backups.

The retention schedule will also keep some backups longer, or even indefinitely. Annual, bi-annual, or even monthly backups might be retained to provide ready benchmarks. Another reason to retain these scheduled backups is to ensure your organization remains compliant with data retention standards and requirements in your vertical. For example, healthcare organizations will need to craft backup policies that are HIPAA compliant. Businesses that are active in the EU may need a GDPR backup policy.
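A tiered retention schedule of the kind described above, as an added example that is not part of the original page: given the timestamps of existing backups, it decides which to keep and which to prune. The tier lengths (hourly for one day, daily for a week, monthly for a year, yearly indefinitely) and the names `select_retained` and `demo` are assumptions; set the tiers from your own policy.

```python
from datetime import datetime, timedelta


def select_retained(timestamps, now, hourly=timedelta(days=1),
                    daily=timedelta(days=7), monthly=timedelta(days=365)):
    """Return the set of backup timestamps to keep under a tiered schedule.

    Tiers (assumed values, set them from your own policy):
      age <= hourly  : keep the newest backup of each hour
      age <= daily   : keep the newest backup of each day
      age <= monthly : keep the newest backup of each month
      older          : keep the newest backup of each year, indefinitely
    """
    keep, seen = set(), set()
    for ts in sorted(timestamps, reverse=True):  # newest first
        age = now - ts
        if age < timedelta(0):  # clock skew or a tampered catalogue: stop and investigate
            raise ValueError(f"backup {ts} is dated in the future")
        if age <= hourly:
            bucket = ("hour", ts.date(), ts.hour)
        elif age <= daily:
            bucket = ("day", ts.date())
        elif age <= monthly:
            bucket = ("month", ts.year, ts.month)
        else:
            bucket = ("year", ts.year)
        if bucket not in seen:  # first hit per bucket is the newest in it
            seen.add(bucket)
            keep.add(ts)
    return keep


def demo():
    """Constructed inventory: a backup every 6 hours for 60 days, plus three old archives."""
    now = datetime(2024, 3, 1, 0, 0)
    inventory = [now - timedelta(hours=6 * k) for k in range(240)]
    inventory += [datetime(2022, 12, 31), datetime(2022, 6, 30), datetime(2021, 12, 31)]
    keep = select_retained(inventory, now)
    prune = sorted(set(inventory) - keep)
    return keep, prune


if __name__ == "__main__":
    keep, prune = demo()
    print(f"keep {len(keep)}, prune {len(prune)}")
    for ts in sorted(keep, reverse=True):
        print("  keep", ts.isoformat())
```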

Encrypt backups. Even when backups are off-site, your data backup policy should always require encryption of backup files.

Use cloud storage for backup storage. Storing your backups in the cloud adds redundancy to your infrastructure and improves cost and scalability. In fact, leveraging the cloud for disaster recovery is one of the best ways to lower your risk of data loss after a disaster.

Find a comprehensive backup solution. Find a backup solution that fits the full needs of your business, including onsite as well as SaaS applications that host your data.

Data backup policy example

A typical data backup policy example might look something like this.

Overview/policy statement
In this first section, the server backup policy will state how the procedures in the plan will help the organization ensure continuity of its operations, ensure reliable, timely backup of its IT assets, and meet its enterprise business objectives. This section of a backup and recovery policy template might also state other high-level business objectives and cite involved team members.

Purpose
Next, the backup and restore policy will describe its purpose—the “why” behind the backup policy. Typically this sets out the way the organization will recover should there be a software failure, hardware failure, or both, and describes how the team will protect against data loss in case of disaster, human error, or other problem.

Scope
The scope of the backup policy will typically set forth the who, what, when, and how of the backup and restore process, to follow up with the “why” stated in the purpose section. A backup policy generally applies to all employees, contractors, and third party employees, and anyone who might be contractually bound to or have access to IT assets of the organization.

A backup policy will also describe the “what,” describing its scope as covering all IT assets and the entire organization’s IT infrastructure as well as data contained in SaaS applications. The scope statement will also describe documentation and how documentation will be controlled. For example, scope may touch upon the existence of a data retention policy for records.

A backup policy will spell out the “how” backups are to be taken, including the types of backups that will be taken and how long those backups will be stored. The policy will also explain the “when,” or how often and what time of day backups are to be taken.

Finally, a scope statement in a backup policy will cover maintenance and distribution of the documentation itself. This way, everyone who needs the backup policy in the organization should have access to it.

Substantive policy
In the substantive data backup policy and procedure section, your backup management policy should identify mission-critical data, and which user-level data and system-level data will be maintained. Details about backup frequency, set in accordance with the acceptable risk and the importance of the data, should also appear here.

Other elements of a data backup and restore policy might include backup retention details, restoration procedures and documentation, restoration testing procedures, guidelines for how to proceed when backup media has expired, and a list of other applicable policies.

An IT data backup policy must also designate responsible personnel for proper policy implementation. Along these lines, it should set forth terms of enforcement, including disciplinary actions that will be taken against employees who violate the backup policy in line with existing HR policies, industry standards, and controlling law.

Finally, the backup and recovery policy and procedure should include all relevant definitions to ensure clarity and the ability to execute. It should also include revision history, and any changes to the document must be controlled. This ensures recoverability in the event of a catastrophe.

Remember, while you might begin with a backup and restore policy template, it is important to craft any backup policy to meet your organization’s specific needs.

CFS ISMS MANAGER

PASSWORD POLICY – ISMS TIPS – Week 1

What Is a Password Policy?

A password policy is a set of rules designed to enhance computer security by encouraging users to create and implement stronger passwords. A part of an organization’s official rules, it’s often included in the security awareness training.

A password policy allows you to set a definite tone for how people create and use passwords on your web application. While you may not be able to control users’ activities 100%, it enables you to guide them for their own safety.

Why Is a Password Policy Important?

Cybersecurity is a buzzword in information technology. And that’s because cyber crimes are increasing by the day.

Passwords are essential in cybersecurity as they determine, to a large extent, whether an attacker can break into a system or not. So, having an effective password policy to safeguard your network is key.

There are significant benefits to having a well-designed password policy.

  1. Prevent Data Breaches

Safeguarding your business’ data and customer details is paramount. Your failure to do so makes your network vulnerable to data breaches.

With just a tiny loophole, attackers can initiate a data breach that will leave you professionally, financially, and legally exhausted.

  2. Maintain Order

A password policy is meant for everyone using your network, regardless of their status. The top-down hierarchy in most organizations doesn’t come into play here, and that creates a sense of orderliness.

External users of your network are also obliged to follow your policy. They drop whatever preconceived notions they have about password usage and adopt your policy.

  3. Build Trust

Many online users are wary of entering their personal information on websites due to fear of cyber-attacks. So, they get a sense of relief when they see a password policy on a website. It shows that the owners of the website take cybersecurity seriously.

Since everyone on the network is guided by the same password policy, users trust that their personal information is secured.

  4. Cultivate Cybersecurity Culture

Implementing effective cybersecurity may seem daunting. But the most difficult part is taken care of if your team or users understand how to secure themselves.

Most cyberattacks happen due to the loopholes created by people. If the users of your network are informed about cyber threats and how to avoid them, there’ll be little or no room for attackers to penetrate.

CFS ISMS MANAGER
