Expert tips for smooth security incident sailing.
Need help understanding what a security incident is and what to do with it? Well, you're not the only one. Defined broadly in the reg as "attempted or successful" security breaches, just about anything could be called a security incident. Fortunately,
Keep Track Of Your Incidents
To catch the incidents that are potentially dangerous,
Ren Landers, president of the Boston Bar Association and associate professor at Suffolk University Law School, promotes good documentation. "It's a good idea to keep track of what kind of things do happen" so that you can adjust your policies and systems to account for those vulnerabilities, she says. The security incident report can expose areas in which your security policy isn't thorough enough or where more manageable measures could be applied.
Look For Incident Patterns
Because there are malicious threats that must be identified and resolved, your incident reporting system should be equipped to catch them.
To ensure that all the little components of what could be a large problem are recognized, consultant Margret Amatayakul, in the Schaumburg, IL office of Margret AConsulting, advises "an organization over-report rather than under-report" their security incidents. William Hubbartt, president of Hubbartt & Associates in St. Charles, IL, agrees. "If you're going to err, err on the side of caution," he tells Eli.
Harry Smith of Timberlyne Technologies in Lakewood, CO suggests looking for trends in security incidents, such as repeated attempts to access your system's e-PHI in a short period of time. Taken separately, these attacks are innocuous, but when seen as part of a larger picture, as happens in a report, their true nature is revealed.
And with an incident tracking system in place, "if something actually happened, you've got enormous opportunities to try to mitigate anything bad resulting from that" before the compromised information is used maliciously, says Kirk Nahra, a partner in the D.C. office of Wiley Rein & Fielding.
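The trend Smith describes, repeated attempts to access e-PHI in a short period of time, can be pulled out of an incident log with a sliding time window per source. The following is an added example, not part of the original article; the log layout, workstation names, threshold, window and sample entries are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample incident log: time, source, resource, outcome.
# The field layout and every value are assumptions made for this example.
SAMPLE_LOG = """\
2024-03-04T08:01:10 ws-114 ephi/records denied
2024-03-04T08:02:45 ws-114 ephi/records denied
2024-03-04T08:03:30 ws-207 ephi/billing denied
2024-03-04T08:04:02 ws-114 ephi/records denied
2024-03-04T08:05:40 ws-114 ephi/records denied
2024-03-04T11:30:00 ws-207 ephi/billing denied
2024-03-04T14:15:00 ws-207 ephi/billing granted
2024-03-04T16:45:12 ws-114 ephi/records denied
"""

def parse(log_text):
    """Turn each non-empty line into (timestamp, source, resource, outcome)."""
    rows = []
    for line in log_text.splitlines():
        if line.strip():
            ts, source, resource, outcome = line.split()
            rows.append((datetime.fromisoformat(ts), source, resource, outcome))
    return sorted(rows)

def find_bursts(rows, threshold=3, window=timedelta(minutes=10)):
    """Return [(source, first_seen, last_seen, count)] for each run in which
    one source logged at least `threshold` denied attempts inside `window`."""
    recent = defaultdict(deque)  # source -> denied timestamps still in window
    open_burst = {}              # source -> index of its ongoing burst
    bursts = []
    for ts, source, _resource, outcome in rows:
        if outcome != "denied":
            continue
        q = recent[source]
        q.append(ts)
        while ts - q[0] > window:      # drop attempts older than the window
            q.popleft()
        if len(q) < threshold:
            open_burst.pop(source, None)   # activity died down: close the run
        elif source in open_burst:
            burst = bursts[open_burst[source]]
            burst[2], burst[3] = ts, burst[3] + 1   # extend the ongoing run
        else:
            open_burst[source] = len(bursts)
            bursts.append([source, q[0], ts, len(q)])
    return [tuple(b) for b in bursts]

if __name__ == "__main__":
    for source, first, last, count in find_bursts(parse(SAMPLE_LOG)):
        print(f"{source}: {count} denied attempts between {first} and {last}")
```

With the default ten-minute window only the rapid run from one workstation is reported; widening the window and lowering the threshold also surfaces the slower, spaced-out attempts from the second source.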
Create Security Awareness
This is not the only advantage of security incident reporting. The incident report "creates a security awareness which actually reduces the number of incidents simply because ... it keeps security top of mind," Amatayakul asserts.
The reports will help administrators know where security training isn't being implemented or has failed. "If you don't keep track of how people are doing on implementing what you've trained them to do, then you don't know where your problems are and you can't prevent them," Landers warns.
Therefore, it's important to create an environment where employees feel comfortable documenting any incidents without worry. "Some people think that reporting an incident is like telling on somebody," Amatayakul says, but if it becomes "a way of life that we have to collect whatever issues we see so that we get them fixed," the reporting will be efficient and incidents could dwindle over time as security awareness improves.
Simplify The Process
To streamline and normalize the incident reporting process, Smith suggests the following steps:
As Hubbartt states, "in light of our market place and our world economy and our world political environment, any incident is a potential threat and we need to consider it seriously, evaluate it and act appropriately."