Management of threats and disturbances

A domain name registrar must prepare guidelines in case of events that disturb or threaten the information security of its operations. The guidelines are used both to minimise and to address such events.

A domain name registrar must prepare in advance clear procedural guidelines for addressing events that disturb or threaten the information security of its operations. The guidelines are also used for minimising and eliminating the impacts of such events without undue delay.

The guidelines must specify

  • how to organise information security management
  • which operators are responsible for information security
  • how these responsible operators may be contacted.

The guidelines must be documented and kept up to date.

Purpose of procedural guidelines

The most important objective of the guidelines is to enable identifying the cause of an information security incident as quickly as possible and minimising the impact of the event. The guidelines also have practical importance, for example, in training new personnel.

The guidelines must also take into account any special instructions concerning the corrective measures in case of major disturbances. Such special instructions may concern, for example, on-call or deputy arrangements.

Typically, the organisation of information security management is described in a company’s internal information security policy, which is a set of documents describing the measures and targets of information security that has been approved by the company management.

Key words: Internet , Domain names

Updated 11.05.2017

LinkedIn Print