What is an Information security event?
An information security event is an event that can affect the confidentiality, integrity, or availability of information. It’s like something unusual happening with your data that might be a security problem. This can be anything from a small error to a big security threat. The word “event” means something that happens, and “information security” means protecting your data.
Examples
- A login failure: Someone tries to log in with the wrong password too many times.
- Malware detected: Your computer finds a virus or other malicious software.
- Unusual network activity: There’s a lot of data being sent from a computer at an odd time.
- A lost or stolen laptop: A device with important data is missing.
Context
When a security event happens, an organisation needs to figure out if it’s a security incident. A security incident is an event that harms or threatens the security of an organisation’s data. Not all security events become incidents, but they all need to be looked at to be safe. For example, one login failure might just be a typo, but 100 login failures in a row could be a hacking attempt.
Relevant ISO 27001 Controls
The following controls from the ISO/IEC 27001:2022 standard are related to information security events:
- ISO 27001:2022 Annex A 5.26 Response To Information Security Incidents: This is the main control that includes the steps for managing security events, with evidence collection being a central part.
- ISO 27001:2022 Annex A 5.28 Collection Of Evidence: This control specifically requires an organisation to have a plan for collecting and saving evidence.
- ISO 27001:2022 Annex A 6.4: Disciplinary Process: This control supports the use of evidence for actions against employees who have violated security rules.
- ISO 27001:2022 Annex A 5.5 Contact With Authorities: This control is related because the evidence collected may need to be shared with police or other legal authorities.