Information Security incident management

["marck e." <marck.ernest () gmail com>]

Hi

Since a couple of months ago , our IT Dept is assessing our incident
response procedures and incident management software.
Currently, Incidents of any kind including some information security
incidents (low risk) are being registered on our incident management
solution.
However some of these incidents involve details that we shouldn't
necessarily share with other IT Departments such software developing.
Needless to say,our current solution doesn't have a feature to deal with
this problem and cuttings on IT budget means we won't afford replacing
current incident management solution
This has brought to discussion if IT Security Incidents are "another" kind
of incidents and if IT Sec Office should have another incident management
software.We've been checking open source solutions and this could be viable.
Although standards such ITIL indicates IT Dpt should have one and only
incident response procedure , sometimes reality makes us reconsider
this.Some reasons we have poundered on:

Why security incident reports bypass IT Helpdesk:

Confidentiality of the details of the incident:
90% of the security information incidents are NOT reported through
helpdesk.These incidents are reported by IT Sec Office, IT Operations or
any other organization department threatened or affected by the incident
directly to IT Director or IT Sec Office.Details of the incidents are not
registered on the incident management software but on a separate repository
(folders) by IT Sec Dpt which is not the best solution, I know.

Time Response:
When registered, security incident reporter demand quick responses which is
another reason to bypass helpdesk.

Anyone to share experiences or advice on this will be appreciated

Thanks

M.

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com