ISO 27001 information security event vs. incident vs. non-compliance

No environment can be 100% secure. Problems (which can be broadly described as “occurrences” or “deviations”) will happen, but not all problems need to be treated the same way, and how they are treated can have a significant impact on the effort and costs of security management.

This article will present three concepts used by ISO 27001, the leading standard for information security management, that can help organizations handle security occurrences in a more efficient way: security events, security incidents, and non-compliances.

Definitions of event, incident, and non-compliance, and how to differentiate among them

For the purposes of ISO 27001, the ISO 27000 standard, which defines the vocabulary for ISO information security management, uses the following concepts:

Information security event: any occurrence related to assets or the environment indicating a possible compromise of policies or failure of controls, or a previously unmapped situation that can impact security.

Information security incident: one or more information security events that compromise business operations and information security.

Information security non-compliance: any situation where a requirement is not being fulfilled.

To differentiate among these concepts, note that:

  • an information security event refers to something that can affect risk levels, without necessarily impacting the business or information. For example, a suspicious person walking near a protected area represents a momentary increase in risk, but does not affect business results or compromise information;
  • an information security incident refers to something that has in fact negatively affected the business or the information that should be protected. Examples include a loss of information or an operations delay due to an information system malfunction;
  • a non-compliance refers to something you should be doing, but are not. For example, backup copies are not being generated as defined in the Backup Policy.

It is important to note that events and incidents may also fall under non-compliance at the same time. For example,

*** This is a Security Bloggers Network syndicated blog from The ISO 27001 & ISO 22301 Blog – 27001Academy authored by The ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: