Reporting information security incidents
22-12-2022 -by Renske de Groot- Quality Officer – Security Officer
Purpose
Insight into situations in the field of information security that have (almost) gone wrong, or can go wrong just like that. This insight ensures that adjustments can be made quickly and extra security measures can be taken where necessary.
Explanation
The employees and general practitioners are the eyes and ears when it comes to information security, including the protection of patient and staff data. You see what is going well, what is going wrong and what can be improved. If the organization doesn’t know what’s happening, it can’t improve. Examples of information security incidents include:
- Loss, theft or unauthorized access to (very) confidential data
- (un)intentional leakage of data, e.g. an e-mail to the wrong addressee
- Unauthorized access to secure areas and/or spaces
- Careless handling of security policies (handling of passwords, clean-desk, etc.)
- Receiving suspicious email
- Theft of hardware or software
- Burglary or attempted burglary
- Violation of the availability, integrity and/or confidentiality of information
- Loss of company assets, such as laptops, uzi cards and keys
- Technical vulnerabilities (weaknesses in systems or services)
In short: all matters that have led to a breach of availability, integrity or confidentiality of information or matters that have almost led to, or may lead to, this.
Rule
Report information security incidents. Always do this as soon as possible after discovery.
How to report?
On the intranet, a link has been added to the form ‘Incident Information Security’.
If you are logged in to the intranet, click on the button ‘Security Incident Information’