Spotting incidents

'Spotting incidents’ is the brand new security awareness and training module for April.

It concerns vigilance, early detection and (where appropriate) prompt reporting of a deliberately diverse and open-ended set of information-related incidents, concerns and risks ... 

Whether you consider them to be incidents or not, suspicious activities and near-misses are also worth reporting if ‘early warning’ is something you and your management would appreciate. Nasty surprises are, well, nasty.  The sooner you know about trouble on the horizon, the more options you have, not least the possibility of deftly avoiding the minefields ahead.

Scope

The awareness module concerns two critical early steps that kick-start the incident management cycle:

We have covered the remainder of the incident management process before and will do so again - in fact every single awareness module concerns incidents since they are the very reason that information risks are of concern, and information security is necessary. 

Learning objectives

‘Spotting incidents’ is about identifying and reporting a wide range of information security-related incidents:

• For the general staff audience, the awareness and training materials emphasize vigilance and diligence.  Simply put, we’re encouraging people to watch out for and report more stuff, as well as responding directly to threats (e.g. by not clicking suspicious links). 
• For the management audience, the materials also cover reporting (e.g. enabling and actively encouraging staff to let management know about issues, incidents, risks, near-misses etc.) and edge forward into the analysis and response to reported incidents, including the need to disclose some incidents externally (e.g. privacy breaches).
• For the professional audience, the materials touch on the ‘instrumentation’ of information systems and processes.  Automated flagging/alerting and logging of security-relevant events naturally complements the manual reporting by IT users, but is a neglected area of systems architecture and design.

Those three streams support each other, setting workers thinking and talking about this topic, fostering the security culture in a general way. It’s a good topic for socializing security among the organization because it is relevant to, involves and affects everyone.

Think about your learning objectives in this area. What are your organization’s challenges around spotting incidents? If you are struggling to deal with the volume of incident-related reports already flowing and reluctant to invite yet more, you’d better get more efficient at assessing, handling and using those reports! The preferred way to cut the volume of incident reports is to improve your information security, which includes improving the quality and relevance as well as timeliness of incident reporting.

Don’t just complain: raise your game!

As well as customizing the materials to suit your awareness branding and objectives, feel free to blend-in additional content.  Use the materials in the company newsletters and magazines, your intranet Security Zone, in awareness events and training courses, and for new employee induction or orientation purposes.