Good Practice Guide Reporting Security Incident
Good Practice Guide - Reporting Security Incident
82
Status
Task/Recommendation
continuity.
Task: Perform statistical analysis of reporting data
In the cybersecurity area, organize automatic summaries on attacks.
In the network faults area, aim at periodical in depth analyzes.
Support the analysis with enough resources, both human and technical.
Combine incident reports with data gathered from other sources.
Enrich the reporting format so that more correlations may be performed.
Task: Manage your scheme on a long term
Consider the scheme as an evolving organism.
Regularly collect feedback from the stakeholders.
Educate the constituency and maintain their commitment.
Improve the ex-post analyses and the value given back to the constituency.
Consider expanding the scheme's coverage:
o
Extend the operation time to 24/7.
o
Enlarge the constituency.
o
Lower the reporting thresholds.
o
Enrich the reporting template.
Formalize the reporting requirements, where applicable.
Put aside time for tuning the scheme after introducing new requirements.
If the purpose of reporting expands, consider expanding your role in the CIIP and/or
incident response:
o
Promote to a national / governmental CERT.
o
Include CERT functions into the operations of a CIP authority;
o
Strengthen CIP or regulatory powers of a national CERT;
o
Federate functions within a telco regulatory authority.
Still, consider running reporting schemes separately if it benefits their functions.
Support integration to the national CIIP policy with legal framework adjustments.