Incident reporting for cyber events is a must-have for any business working to ISO 27001 and its related standards.
Why should I report incidents?
Incident reporting gives a business two very important things. First, documenting the event is part of doing your duty as a business and is a requirement. Meeting it through a recording process produces clear evidence of the event and allows the event to be mapped out step by step. Second, it supports learning: if an event is well recorded and documented, the resolution can be tailored to what actually happened. Tracing the path the event took also shows where additional checks could be added and where training is needed, which drives improvement.
Does every incident need reporting?
The answer is maybe. It relies on judgement as a business about which incidents need escalating and which are minor. For example, a ransomware attack should always be recorded with a clear path of events, whereas a very minor event might be classified as a non-conformance instead. Knowing where you draw the line, and documenting the discussion about whether an event was escalated, always helps if any queries are raised later.
Hiding issues and not coming forward is a huge problem for incident reporting and for businesses. If individuals think an event does not matter, it can often develop into a larger risk or issue. Staff should always be told that honesty is the best policy and that hiding an issue puts the business at risk.
Overall, incident reporting adds value to a business, from corrective action through to improved operations. No business is perfect and incidents will always occur, so it is equally important to know how to record and document them. Having clarity, and holding meetings on an incident to decide which route to take, is always valuable.
More information on incident reporting can be found on the ISO website.