Page 44 - Digital Financial Services security assurance framework
10 DFS SECURITY INCIDENT MANAGEMENT
Often, even after relevant controls have been applied, security incidents do occur, especially in financial services where attackers have a financial motive to evade systems; this causes system disruption, alteration or disclosure of data. Organizations and stakeholders offering and involved in digital financial services need to develop the right procedures, reporting, data collection, management responsibilities, legal protocols, and communications strategies that will allow the organization to successfully understand, manage, and recover from security incidents.

A DFS provider without an incident management plan may not discover an attack in the first place, or, if the attack is detected, the provider may not have procedures in place to quickly contain damage, eradicate and respond to the attacker’s presence, and recover its assets with minimal impact.

A security incident management plan defines consistent procedures to be followed for orderly, quick and effective reporting, response analysis, investigation and recovery from security incidents that compromise any of the eight security dimensions.

ISO/IEC 27035:2016, Information security incident management, acknowledges that information security controls are imperfect and has detailed processes for managing incidents.

The Center for Internet Security suggests the following guidelines[12] for incident management, which DFS system network operators, DFS providers, and service providers could adopt.

1. Ensure that there are written incident response plans that define roles of personnel as well as phases of incident handling/management.
2. Assign job titles and duties for handling computer and network incidents to specific individuals, and ensure tracking and documentation throughout the incident through resolution.
3. Designate management personnel, as well as backups, who will support the incident handling process by acting in key decision-making roles.
4. Devise organization-wide standards for the time required for system administrators and other workforce members to report anomalous events to the incident handling team, the mechanisms for such reporting, and the kind of information that should be included in the incident notification.
5. Assemble and maintain third-party contact information to be used to report a security incident, such as law enforcement, relevant government departments, vendors and device manufacturers.
6. Publish information for all workforce members regarding reporting computer anomalies and incidents to the incident handling team. Such information should be included in routine employee awareness activities.
7. Plan and conduct routine incident response exercises and scenarios for the workforce involved in the incident response to maintain awareness and comfort in responding to real-world threats. Exercises should test communication channels, decision-making, and incident responders’ technical capabilities using tools and data available to them.
8. Create an incident scoring and prioritization schema based on known or potential impact to your organization. Use the score to define the frequency of status updates and escalation procedures.