What exactly is an information security incident? ISO 27001, the international standard on information security management systems, describes it as, “A single or a series of unwanted or unexpected information security events that have a significant probability of compromising business operations and threatening information security.”
In The CIO’s Guide to Information Security Incident Management, authors Matthew Pemble and Wendy Goucher focus on the setup and running of an incident response organization. The guidance is aimed toward the management professional with standard computer technology skills and the IT operations manager with minimal specific security skills.
The book kicks off with an attention-grabbing chapter titled “Oh, No. It’s All Gone Horribly Wrong!” It goes on to outline some of the basics of information security incident management, including discussions of an incident, the timeline, types and priorities, reporting and decision making, and policies and documentation.
What’s interesting is that the authors put forward a people-centric approach to incident management. This manifests itself in chapters on matters such as selecting, building, and motivating a team; managing the backstage crew; roles and responsibilities; dealing with outside agencies; team management; and training.
The work contributes to a better understanding of the investigation of incidents by unravelling the investigation cycle within incident response, with insights on prioritization, handling of business requirements, expectation management, notification and reporting, and how to handle incident meetings.
In sum, the authors offer a practical guide on managing information security incidents. This book is packed with principles, applications, case studies, and lessons learned. The guide is a great read and excellent reference on incidents for both beginners and experienced security professionals.