IT Baseline Protection Manual - The Information Warfare Site
19.12.2012 Views
Share Embed Flag

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

IT Baseline Protection Manual - The Information Warfare Site

SHOW MORE
SHOW LESS
ePAPER READ
DOWNLOAD ePAPER
iwar.org.uk

Create successful ePaper yourself

Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.

START NOW

Safeguard Catalogue - Communications Remarks<br />

____________________________________________________________________ .........................................<br />

S 6.61 Escalation strategy for security incidents<br />

Initiation responsibility: Agency/company Management, <strong>IT</strong> Security<br />

Management<br />

Implementation responsibility: <strong>IT</strong> Security Management<br />

Once the responsibilities for security incidents have been determined (see<br />

S 6.59 Specification of responsibilities for dealing with security incidents) and<br />

the procedural rules and reporting channels are familiar to all those concerned<br />

(see S 6.60 Procedural rules and reporting channels in case of security<br />

incidents), the next step is to determine how to proceed once reports have been<br />

received.<br />

As a first step, the person receiving a report regarding a security incident must<br />

investigate and assess it (see also S 6.63). If it turns out to indeed be a case of<br />

a security incident, additional measures must be taken. <strong>The</strong> following<br />

questions arise:<br />

- Where escalation is required, i.e. the action chain is extended, who should<br />

be informed?<br />

- What cases require immediate escalation?<br />

- Under what other circumstances is escalation appropriate?<br />

- When should escalation occur (immediately, the next day, the next working<br />

day)?<br />

- What media should be used to pass on the report?<br />

<strong>The</strong> answers to these questions must be specified in an escalation strategy and<br />

made known. <strong>The</strong> escalation strategy can be created in three stages, as<br />

follows:<br />

Stage 1: Specification of escalation channels<br />

Who is responsible for handling security incidents is specified in safeguard<br />

S 6.59 Specification of responsibilities for dealing with security incidents.<br />

Specification of the escalation channel should include defining who should<br />

send a report to whom. This is easy to see when the relevant hierarchy is<br />

presented in diagrammatic form. Both the regular escalation channels and also<br />

the channels to be used during staff absences should be considered.<br />

____________________________________________________________________ .........................................<br />

<strong>IT</strong>-<strong>Baseline</strong> <strong>Protection</strong> <strong>Manual</strong>: Oktober 2000<br />

Who informs whom?

logo

products

Resources

Company

Terms of service
Privacy policy
Cookie policy
Cookie settings
Imprint
Change language
Made with love in Switzerland
© 2024 Yumpu.com all rights reserved

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!