Creating Value Added for an Enterprise by Managing Information Security Incidents

Abstract

Abstract This article presents the structure and analysis of information security incidents in a production company in 2015-2017. The purpose of the analysis is to identify incidental events and their frequencies. The analysis includes the occurrence of notifications, threatening events, employee errors and false alarms. The conducted research includes also the procedure for handling the incident in the enterprise. The enterprises very often avoid informing their contractors about the occurrence of incidents. Thanks to the analysis of incidents and a clearly defined action plan, the examined enterprise tested the incidents and actions taken with them as a method of creating the added value of the enterprise during the period under consideration. The conducted research has shown that contractors who are aware of preventive actions taken, as well as those affecting information security even after the occurrence of an incident, are more willing to provide trust and even support to the surveyed enterprise. The conducted analysis is a pilot study carried out in one large enterprise in the metallurgical industry. The aim of the conducted research is to show that the incident or negative event may have a positive impact on the company's image. The research was carried out with the use of a questionnaire and in-depth interview with representatives of enterprises that are co-operators of the examined company.