Cybersecurity and the Handling of Cyber Incidents

Abstract

The article presents interpretations of the concepts of cybersecurity and cybercrime as well as the abuse of the term cybernetic. The author refers to information as a new “centre of gravity” of the nation’s power and special attention is paid to activities aimed at ensuring a high level of information security in Poland. The assumptions of the draft Act on the national cybersecurity system are described and particular emphasis is placed on the issues of technical and organisational reporting and the handling of ICT security incidents. The author points out that handling incidents violating cyber security at a strategic level for a country ought to be considered as an intentional action of a definite and repeatable character. Here the reference to the ISO/IEC standards and recommendations can be found. Moreover, behaviours related to securing digital evidence after an incident, including the so-called good practice in relation to the reaction in the event of an incident, are presented. A simplified procedure for securing computer hardware, as a recommended method of action in case of the triage and live data forensics, are suggested in the article. The recommendations of the FORZA methodology and frameworks are also discussed. When summarising, the author underlines that it is essential to prepare appropriate procedures and personnel for the broadly understood handling of incidents violating cybersecurity. This includes protection of digital evidence according to the procedures, good practice and suggestions contained in normative documents, as well as implementing cybersecurity policy, bringing legislation into line with international standards and educating users and the judiciary.