COI Report – Part VII
Page 419 of 425

(e) The IR-SOP requires that post-incident reviews are conducted by the Cluster ISO. However, for these to happen, the incidents must be reported first. The incident in January 2018 was not reported up, and therefore never reviewed. A post-facto review, even if it was done later in February 2018, may have uncovered the need for taking additional action and may have helped prevent the incidents in June/July 2018.

1207. The IT Security team should be helmed by an individual who is motivated and interested in learning, as the field of information security is constantly evolving, and complacency leads to weakness.

1208. Detecting and effectively responding to incidents requires strong management processes, and managing an incident response team requires specific skills and knowledge. A background in information security management or security engineering would be ideal. The following competencies should be considered when filling the position of SIRM:

a) Critical reasoning and analysis – The SIRM must be clear about the criteria to be applied from the various security policies and have the ability to apply those criteria to the situation presented to him;

b) Gathering evidence – The SIRM must know what the relevant evidence is and how to preserve, collate, and analyse it;

c) Problem-solving and creative thinking – The SIRM must be able to come up with solutions on the fly, to counter the cyber attackers; and

d) Communication and leadership – Above all, the SIRM is the person responsible for managing the boots on the ground, and must be a master communicator, ensuring that information flows in an orderly, efficient, and comprehensive manner to all the relevant individuals.