CHAPTER 13

DETECTING AND RESPONDING TO IS INCIDENTS

Section 1301

Reporting Information Security Incidents

Reporting Information Security Incidents

Reporting IS Incidents to Outside Authorities

Reporting Information Security Breaches

Notifying Information Security Weaknesses

Witnessing an Information Security Breach

Being Alert for Fraudulent Activities

Software Errors and Weaknesses

When and How to Notify Authorities

Section 1302

Investigating Information Security Incidents

Investigating the Cause and Impact of IS Incidents

Collecting Evidence of an Information Security Breach

Recording Information Security Breaches

Responding to Information Security Incidents

Section 1303

Corrective Activity

Establishing Remedies to Information Security Breaches

Section 1304

Other Information Security Incident Issues

Ensuring the Integrity of IS Incident Investigations

Analyzing IS Incidents Resulting from System Failures

Breaching Confidentiality

Establishing Dual Control / Segregation of Duties

Using Information Security Incident Check Lists

Detecting Electronic Eavesdropping and Espionage Activities

Monitoring Confidentiality of Information Security Incidents

Risks in System Usage

Reviewing System Usage