Brian Sims
Editor
A new framework published by the British Standards Institution (BSI) has been designed to help organisations co-ordinate all types of information security incidents affecting multiple partners.
The Information Security Incident Management standard (ISO/IEC 27035-4) is the fourth addition to a series intended to enhance incident management practices and protect global business from cyber threats.
Cyber security has emerged as a critical priority as supply chains become increasingly digitised, prompting companies to adopt stricter digital standards and invest in proactive risk assessment technologies. With global cyber crime damage costs predicted to reach US$10.5 trillion annually and the regulatory landscape also evolving at pace, it's more crucial than ever that organisations can adapt quickly to developing threats and that they have robust incident management and co-ordination plans in place.
Co-ordination is critical, particularly so when there are multiple partners involved. Effective co-ordination bolsters organisational resilience against business disruptions and reduces future risks by improving internal security measures.
ISO/IEC 27035-4, which can be applied to organisations of all types and sizes, has been designed to help businesses collaborate effectively with external partners during the process.
The Information Security Incident Management standard recognises the breadth of partners involved both within and outside of the organisation, from IT representatives and business managers through to legal departments and crisis communication teams. It provides guidance for the co-ordinating team to perform activities supporting the inter-organisation incident response.
Stages of an incident
Further, there’s consideration of the following stages of an incident:
Planning and preparation: reaching agreement on co-ordination policies and public frameworks, establishing communication channels, appointing an incident co-ordinator and conducting training.
Detection and reporting: encouraging all members to actively share threat intelligence. The framework establishes a threat information exchange mechanism and takes technical measures to ensure the security of information transfer channels.
Assessment and decision: how organisations should work together to assess the impact of a specific incident and decide whether to initiate co-ordination.
Response and recovery: how organisations should work together to determine the co-ordinated incident response plan, then implement their respective parts within their own organisations.
Continual improvement: how a single organisation, or multiple organisations in the community, can jointly evaluate the incident response process, and notably the co-ordination process, in order to support future improvement.
Alertness to cyber threats
David Cuckow, director of digital at the BSI, said: “As core business practices become increasingly cloud-based and digitally reliant, it’s absolutely critical for organisations to stay alert to cyber threats. This is especially true as emerging information security threats are becoming increasingly sophisticated and can have a huge impact across organisations and society. Incidents that cross organisational boundaries can be difficult to resolve by a single organisation.”
Cuckow concluded: “This new framework has been designed to support organisations with managing such incidents and ensuring that all parties work together to ensure they’re resolved in a co-ordinated manner, accelerating progress towards a resilient digital future, a fair society and, what’s more, a sustainable world.”