SB013 Reports known or suspected security incidents
Reporting known or suspected security incidents helps protect people as well as their place of work. If the incident is reported early, IT and Security teams can act fast to prevent damage.
Why is it important?
Security incidents may not always be detected by technical controls. Data breaches, for example, may occur through physical means such as a leaked physical document. It's important to find out about such incidents quickly, as this gives security teams valuable time.
Building a culture of trust, where people want to report security incidents, is important. Incidents can become worse if they're not reported.
Priority Tier
Behaviours in SebDB are ranked by their impact on risk. Tier 1 behaviours have the biggest impact, Tier 4 behaviours the least.
Risk Mitigated
Account Compromise
Account compromise happens when unauthorised people gain access to accounts.
Data Theft
Data theft is the intentional stealing of data.
Malware Infection
Malware infections occur when malicious software makes its way onto a device or network.
Further reading
https://www.ncsc.gov.uk/collection/10-steps-to-cyber-security?curPage=/collection/10-steps-to-cyber-security/the-10-steps/user-education-and-awareness
https://securityandpeople.com/2017/08/four-steps-to-have-employees-report-security-incidents/
https://ico.org.uk/media/action-weve-taken/audits-and-advisory-visits/2614035/20181220information-risk-review-report-central-governmentpdf.pdf