VAHTI best practices
Digital security risk management

To get the best help for your situation, first answer the questions on the guide's start page.

Implement observation and handling processes

Observation and handling processes are an important part of taking care of digital security

The ability to observe digital security risks and the handling processes that monitor and support the observations are important for managing information security risks. The handling processes related to observations and information security risks must be approved by the senior management of the organisation, and observation capacity and processes must be actively developed as the operating environment changes. The processes must also be documented and communicated across the organisation.

Updated: 29/10/2024

Monitor the use of the systems

Supervision of the use of information systems must be carried out in a documented manner. Supervision and communications are used to manage several information security risks and to improve the organisation’s ability to detect information security risks.

Updated: 29/10/2024

Detect and monitor security breaches

Monitoring and reporting security breaches strengthens information security risk management. To do this:

  1. Document any security breaches detected.
  2. Identify the risks that led to the breaches.
  3. Try to reduce the harm caused by risks.

Updated: 29/10/2024

Analyse, classify and report deviations

The identified security breaches must be analysed, classified and documented comprehensively. The analysis of security breaches supports the management of information security risks and the development of a security culture and of information security itself.

The classification of deviations helps report information security deviations to the management. By reporting the deviations comprehensively, you help the management understand the key development targets of the organisation.

Updated: 29/10/2024

Report deviations

When reporting deviations, follow the guide’s page “Monitor, document and report risks”.

Updated: 29/10/2024

Process deviations

Your organisation must have a deviation management process. In practice, this means the following:

  1. Staff and stakeholders are aware of their duties and role in response measures.
  2. Communication, coordination and reporting practices have been defined.
  3. Digital security disruptions are managed and their impact mitigated.

Updated: 29/10/2024

Remember recovery

During the recovery phase, your organisation recovers from the digital security disruption to its normal operating state and continues its operational development. During the recovery phase, your organisation

  1. creates and develops, based on experience, a disaster recovery plan for the critical systems to be protected, and
  2. draws up plans for handling any reputational damage caused by disruptions.

Read more about the recovery phase in the framework of digital security architecture (in Finnish).

Updated: 29/10/2024
