S 6.129 Training service desk employees how to handle security incidents

Initiation responsibility: IT Security Officer, Head of IT

Implementation responsibility: Head of IT, Administrator, IT Security Officer

When a government agency or company decides to send all reports of security incidents to a central user support centre, for example the central contact point (the central service desk of incident management), then the corresponding employees must be adequately sensitised to issues relating to information security and trained accordingly. To accomplish this, they will need to be familiar with the security incident handling policy and know the specified codes of conduct as well as the escalation and reporting paths.

The service desk employees should participate regularly in informational and training events on information security in general and on detecting security incidents in particular. These events can be held by the IT Security Officer or by external personnel, but in any case, the contents of such events need to be coordinated with the IT Security Officer.

Furthermore, service desk employees must have access to the resources required to detect security incidents and be trained in their operation. To detect security incidents quickly and correctly, the service desk employees must be able to detect the existence of a security incident based on their checklists. To be able to initiate the right measures, the service desk employees must also know the protection requirements of the systems affected.

Review questions:

• Are the employees of the service desk familiar with the policy for handling security incidents and emergencies?
• Are the resources available required to detect security incidents available to the employees of the service desk?
• Is it possible at the service desk to determine the protection requirements of the systems on which incidents occur more frequently?
• Do the service desk checklists also contain questions that can be used to detect security incidents?