Häiriöiden- ja poikkeamienhallintaprosessi

The organization shall ensure that clear persons are assigned to incident management responsibilities, e.g. handling the first response for incidents.

Incident management personnel need to be instructed and trained to understand the organization's priorities in dealing with security incidents.

All security incidents are addressed in a consistent manner to improve security based on what has happened.

In the incident treatment process:

• the reported incident is confirmed (or found unnecessary to record)
• the type and cause of incident is documented
• the risks associated with the incident are documented
• the risks are re-evaluated and treated if that is necessary after the incident
• risk mitigation measures or a decision their acceptance is documented
• people who need to be informed of the results of the incident treatment are identified (including external ones)
• possible need for a post-incident analysis is determined

The organization has defined a process and the team involved in responding promptly to security incidents and deciding on the appropriate actions.

The first level response process includes at least:

• effectively seeking to confirm the identified incident
• deciding on the need for immediate response

From the point of view of the information security management system, non-conformities are situations in which:

• the organisation's security requirements are not matched by the management system
• the procedures, tasks or guidelines defined in the management system are not complied with in the organisation's day-to-day operations

In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.

Organization carries out threat intelligence by analyzing and utilizing collected information about relevant cyber security threats related and corresponding protections.

When analyzing and utilizing the collected threat intelligence information, the following points must be taken into account:

• analyzing how the threat intelligence information relates to to our own operations
• analyzing how relevant threat intelligence information is to our operations
• communicating and sharing information in an understandable form to relevant persons
• utilizing the findings of threat intelligence to determine the adequacy of technical protections, technologies used and information security testing methods for analysis