Good Practice Guide Reporting Security Incident
Engaging Cooperation. The scheme should build on already existing arrangements for industry
cooperation with the government in the field of network and information security or CIIP. At
an early stage, expectations, possibilities, and value proposition of the scheme must be clearly
communicated to the reporting parties. Advantages of a scheme may include: efficient and
fast information distribution; access to information not available elsewhere; assistance in
emergencies; and improved reaction to crisis situations. The organizers will also have to
address concerns about confidentiality of submitted information and the load on resources
that the reporting parties might face. Relationships with the reporting parties must be
continuously built in terms of mutual trust, C-level management support, and educating the
potential reporting staff.

Setting the Reporting Procedures. Based on the scheme's objectives, the list of reportable
information must be determined. Deadlines will have to be set for immediate, follow-up,
concluding, and periodical reports. Thereafter, timely and efficient prioritization of the
received reports must be ensured. In the follow-up stage, information updating and
distribution, and incident response efforts (possibly including cooperation with wider public
emergency response activities) become the priorities. For these purposes, it is recommended
to introduce a single point of contact for reporting incidents within the eCommunications
sector.

Managing the Reporting Scheme. The organizers will need to introduce scheme management
mechanisms ensuring that the scheme's objectives are met. Significant individual incidents
should be analyzed, with corresponding follow-up steps undertaken with the incident owners,
if necessary. Macro-level ex-post statistical analysis may also be desired as an efficient way of
reflecting on trends. The organizers will also need to collect feedback on the scheme's
functioning and respond to problems. Finally, each scheme also needs to evolve and improve
in the mid and long term. Long-term evolution may lead the scheme and its organizing
department to play a gradually increasing role in the Network and Information Security (NIS)
procedures.

The study revealed that there is an enormous wealth of knowledge and experience with incident
reporting in several Member States, from which others can learn. This report summarizes the variety
of approaches encountered in a way that is intended to be useful both to the stakeholders launching a
new reporting scheme, and to those trying to improve the standing procedures. It also includes
references to additional materials.