You are the CISO of your company. You have implemented an incident response program to handle security incidents. The on-premise ERP system gets in trouble and becomes unresponsive. The availability of the ERP system has been harmed. To which of the following should the ERP users report this incident?
A. Service Desk
B. Network Administrator
C. Chief Information Officer (CIO)
D. Computer Security Incident Response Team (CSIRT)
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
The following is my answer: A. Service Desk
This question is designed from the perspective of the security function. If you are a CISO, how do you handle the relationship with the CIO, or how do you define the roles and responsibilities of your security function?
It’s common for enterprises to implement ITIL. Service Desk, Incident Management, and Problem Management are basic building blocks. The IT department handles incidents to maintain IT service levels, while security guys take care of security incidents to achieve the CIA objectives and support business processes. As a CISO, how do you define which incidents belong to the IR team so that the security guys and the IT department can work together smoothly?
An on-premise ERP incident is typically viewed as an IT incident. However, it’s also a good practice to report an incident to the Service Desk first; the support staff can dispatch the incident to the appropriate team for further treatment if necessary.