Control 19.6: Publish Information Regarding Reporting Computer Anomalies and Incidents
Publish information for all workforce members, regarding reporting computer anomalies and incidents, to the incident handling team. Such information should be included in routine employee awareness activities.
Category
Procedural
Purpose
The types of computer incidents that regularly affect a company can be useful when devising training activities. Each incident is an opportunity to learn and to use those lessons to improve the process that is already in place. Besides feeding back into computer incident response activities, this information can also be communicated to an organization's contractors and employees as part of the regular user education process for cybersecurity. Understanding the general threats a company faces can help employees make better decisions the next time around, respond more appropriately, and ultimately mitigate the impact of an incident.
Publishing information about previous computer incidents helps personnel avoid handling an incident improperly. Improper incident handling can leave malware with access to your sensitive enterprise data for longer periods of time, because it may not be properly removed. Improper incident handling may also violate local and federal laws about the privacy of data and breach notifications.
Automation
This Sub-Control generally cannot be automated. That does not mean an incident response plan and its associated response procedures must be made from scratch. Incident response procedures can be obtained from similar organizations that already have them in place, then modified to fit your needs.
Guidance and Tools
The following can be useful when looking to report computer anomalies and incidents:
- NIST: The Computer Security Incident Handling Guide from NIST provides detailed information on how to handle a computer incident (https://nvlpubs.nist.gov/nistpubs/specialpublications/nist.sp.800-61r2.pdf).
- US Department of Justice: The US DoJ provides guidance on how to report a cybersecurity incident (https://www.justice.gov/sites/default/files/opa/speeches/attachments/2015/04/29/criminal_division_guidance_on_best_practices_for_victim_response_and_reporting_cyber_incidents2.pdf).