The objective of the Incidents and Problems Management Procedure is to describe general steps for incident and problem management regardless of the system and technology platform used. In accordance with Company’s information security policy, it is mandatory to document effective incident and problem management procedure with a goal to improve service level by reducing the frequency of problems recurrence and to prevent, detect and correct information security deficiencies. The activities taken in various problems’ solving process may be very different and this depends on platform, system or character of problem.
To maintain information security in ongoing operations, it is necessary to take into considerations and to have developed and implemented a procedure for the handling of security incidents. A security incident refers to an event whose impact could cause significant loss or damage. To prevent or contain any loss or damage, security incidents should be dealt with swiftly and efficiently. If there is a predefined procedure available to be invoked, then reaction times can be minimized. The possible loss or damage which could occur in a security incident can affect the confidentiality, integrity and availability of data.
1.1 PROCEDURE OWNER
1.3 APPLICABLE REGULATIONS
1.4 RELATED [COMPANY] NORMS AND PROCEDURES
1.6 AUDIENCE AND SCOPE
1.7 DOCUMENT SUPPORT
2. DEFINITIONS & ABBREVIATIONS
3.1 REPORTING INCIDENTS AND PROBLEMS
3.3 INCIDENT/ PROBLEM ANALYSIS
3.5 CLOSING THE REQUEST
3.6 SYSTEM RESTORATION
3.8 PERIODICAL ANALYSIS OF REPORTED INCIDENTS
4. ROLES AND RESPONSIBILITIES
4.1 DEPARTMENT MANAGER(S)
4.2 IT DIVISION (ANY IT SECURITY SECTOR)
6. FINAL CONSIDERATIONS
6.1 DISCIPLINARY ACTIONS AGAINST PROCEDURE VIOLATION
6.2 DOCUMENT REVISION
7. APPENDIX A – TYPES OF INFORMATION SECURITY INCIDENTS
The objective of the Patch Management Procedure is to set in place IT patch management strategies and create consistently configured operational environment that is secured against known malfunction and vulnerabilities in operating system.