Information security

INF034

Respond to information security incidents

Good management is critical to reducing the impact of security incidents and recovering quickly. Incident response should be a key part of your overall security framework.

A security incident is:

  • a security violation, breach, or infringement of a security policy or procedure
  • an approach from anybody seeking unauthorised access to official resources
  • any other occurrence that results, or may result, in negative consequences for the security of the New Zealand government, its institutions or programmes.

You’ll need to provide your people with the guidance and resources to act in a timely, coordinated manner to prevent or respond to security incidents that could compromise critical and sensitive information. Develop and regularly test these processes and procedures as part of your business continuity and disaster recovery planning.

Supporting documents and information

Follow the right process when an incident occurs

When an incident happens, act quickly to reduce any impact and help your organisation recover as quickly as possible. Later you might also need to restore the confidence of any partners or clients affected by an incident.

  • Investigate and respond: First gather details of the incident and assess the degree of impact. Take any initial actions necessary to reduce harm.
  • Communicate and escalate: Make sure you communicate security incidents to affected parties for their action. If necessary, alert any relevant authorities. You may also need to actively warn some people to avoid harm occurring further downstream.
  • Recover and learn: Recover lost information if possible and reinstate business functions. Make sure your organisation learns from the incident so that you can improve your security measures in future.

Supporting documents and information

Page last modified: 2/10/2018