J. Kelly Stewart, Guardian’s Curriculum Contributing Author & Certified Executive Instructor penned the article titled ‘How Incident Reporting Can Mitigate Threats’ for Security Magazine back in April 2014. Stewart thoroughly explains why incident reporting can reduce future threats in all environments.
Stewart details four baseline security incident-reporting strategies that can be utilized at any organization to reduce threats and to prevent these incidents from further recurring. He writes,
Planning & Preparation
First of these strategies is planning and preparation. Each department within the organization to uncover perceived and known threats and vulnerabilities must conduct a thorough Business Impact Analysis. Many of today’s incidents are so complex and time-consuming that preparation cannot be dismissed. Therefore, by examining each department a baseline of security in systems, network devices and overall physical security can be established so that incidents are not likely to become routine. Some basic aspects behind planning and preparation are:
• Setting up a reasonable set of defenses/controls based on the threat that presents itself.
• Creating a set of policies and procedures to deal with incidents as efficiently as possible. Within these procedures and policies it must be clear that:
– All incidents, accidents, or occurrences that cause or could cause harm must be reported.
– A blame-free environment needs to be promoted because by getting to the root cause of an error, you can fix the underlying system or process issues that allowed the event to happen.
• Obtaining the resources and personnel necessary to deal with the problem.