CHAPTER 2: TREATMENT USING ISO27001

The following is an outline of a treatment process. It assumes as a starting point that the company has just been made aware, by internal or external sources, that a breach exists.

Assess the damage

This comprises the steps below.

•   Assessing the immediate damage. Only material damage that has already happened is included.

•   Assessing the long-term damage impact. Questions to ask: does this incident have a long-term impact, can it recur and does it have a systemic impact?

•   Assessing the impact of the breach on business processes, your market situation, customer base, the public’s reaction if applicable, and customer contracts. When assessing long-term damage, quite a bit of ‘what-if-ing’ is included. ...

Get Information Security Breaches: Avoidance and Treatment Based on ISO27001, 2nd Edition now with the O’Reilly learning platform.
