By definition, an entity’s management information system (MIS) is an aggregation of personnel, computer hardware and software, and procedures that process data to generate usable information for decision-making. Data elements, activity, function operation, and system are the pyramided classifications that delineate information requirements. Dialectically, an entity’s security MIS can become the catalyst for superior incident resolution by supplying timely and reliable incident response data when the notification process is properly designed.
Gathering evidence that inappropriate or malicious activity has occurred is a control objective for threat management. Information security threat management controls should be configured to identify inappropriate or malicious activity within a computing environment. Since absolute computer security is impossible, management must classify misuse based on organizational impact. Categorically, security misuse can be designated as intentional or unintentional. In this regard, when constructing intentional misuse information asset records, field titling should address incident descriptions such as exploited vulnerability details (including unauthorized reading, modification, or destruction of data), as well as affected information assets and attack sources.
View Part I of the Critical Incident Response Elements series here.