Reporting of Security Problems
Enforcement of these policies should be everyone’s responsibility, not just the administrator’s. Earlier policies have provisions for users to assist in their enforcement, but none define the full impact of that reporting. Writing the policies for reporting is like all the other policies in this chapter—they are highly dependent on the environment and legal requirements for enforcing the policies.
Handling of Information Security Incident Reporting
Incident reports can come from a number of sources. Administrators can find security problems, and policies can be in place for users to report violations. Incidents can be reported outside the organization through other administrations reporting problems that seem ...