{"id":120,"date":"2022-04-12T03:02:01","date_gmt":"2022-04-12T03:02:01","guid":{"rendered":"http:\/\/tcm.gov.to\/?page_id=120"},"modified":"2022-04-29T01:56:01","modified_gmt":"2022-04-29T01:56:01","slug":"information-security-incident-management","status":"publish","type":"page","link":"https:\/\/tcm.gov.to\/?page_id=120","title":{"rendered":"Information Security Incident Management"},"content":{"rendered":"<div id=\"themify_builder_content-120\" data-postid=\"120\" class=\"themify_builder_content themify_builder_content-120 themify_builder\">\n    \t<!-- module_row -->\n\t<div  class=\"themify_builder_row module_row clearfix module_row_0 themify_builder_120_row module_row_120-0 tb_i9tg855\">\n\t    \t    <div class=\"row_inner col_align_top\" >\n\t\t\t<div  class=\"module_column tb-column col3-1 first tb_120_column module_column_0 module_column_120-0-0 tb_vjcb857\" style=\"width: 19%\">\n\t    \t    \t        <div class=\"tb-column-inner\">\n\t\t    <!-- module text -->\n<div  class=\"module module-text tb_uls9609    \">\n            <div  class=\"tb_text_wrap\">\n    <h4 class=\"u-text u-text-body-color u-text-1\"><b>11. Information security incident management<\/b>\u00a0<\/h4>    <\/div>\n<\/div>\n<!-- \/module text -->\n\t        <\/div>\n\t    \t<\/div>\n\t\t<div  class=\"module_column tb-column col3-1 middle tb_120_column module_column_1 module_column_120-0-1 tb_3t4j858\" style=\"width: 24%\" >\n\t    \t    \t        <div class=\"tb-column-inner\">\n\t\t    <!-- module text -->\n<div  class=\"module module-text tb_inju841    \">\n            <div  class=\"tb_text_wrap\">\n    <h4 class=\"u-text u-text-body-color u-text-2\"><b>11.1 Management of information security incidents and improvements<\/b><\/h4>    <\/div>\n<\/div>\n<!-- \/module text -->\n\t        <\/div>\n\t    \t<\/div>\n\t\t<div  class=\"module_column tb-column col3-1 last tb_120_column module_column_2 module_column_120-0-2 tb_8xoj859\" style=\"width: 50.6%\" >\n\t    \t    \t        <div class=\"tb-column-inner\">\n\t\t        <!-- module image -->\n    <div  class=\"module module-image tb_6k9d218  image-top  \">\n\t                <div class=\"image-wrap\">\n                            <img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"1223\" src=\"http:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11.jpg\" class=\" wp-post-image wp-image-169\" title=\"11\" alt=\"11\" srcset=\"https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11.jpg 857w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-210x300.jpg 210w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-718x1024.jpg 718w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-768x1096.jpg 768w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/>            \n                        <\/div>\n            <!-- \/image-wrap -->\n        \n        \n        <\/div>\n    <!-- \/module image -->\n<!-- module text -->\n<div  class=\"module module-text tb_zfue706    \">\n            <div  class=\"tb_text_wrap\">\n    <section id=\"sec-6bb3\" class=\"u-clearfix u-section-1\">\n<div class=\"u-clearfix u-sheet u-sheet-1\">\n<div class=\"u-clearfix u-expanded-width u-gutter-0 u-layout-wrap u-layout-wrap-1\">\n<div class=\"u-layout\">\n<div class=\"u-layout-row\">\n<div class=\"u-container-style u-layout-cell u-right-cell u-size-38 u-layout-cell-3\">\n<div class=\"u-container-layout u-container-layout-3\">\n<p class=\"u-text u-text-palette-1-base u-text-3\" style=\"text-align: center;\">Figure 4: Incident management flow according to ITIL Service Operation manual 2011.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<section id=\"carousel_b3ba\" class=\"u-clearfix u-section-2\">\n<div class=\"u-clearfix u-sheet u-sheet-1\">\n<div class=\"u-clearfix u-expanded-width u-gutter-0 u-layout-wrap u-layout-wrap-1\">\n<div class=\"u-layout\">\n<div class=\"u-layout-row\">\n<div class=\"u-container-style u-layout-cell u-left-cell u-size-11 u-layout-cell-1\">\n<div class=\"u-container-layout u-container-layout-1\">\u00a0<\/div>\n<\/div>\n<div class=\"u-container-style u-layout-cell u-size-11 u-layout-cell-2\">\n<h4 class=\"u-container-layout u-container-layout-2\"><b>11.1.1 Responsibilities and procedures<\/b><\/h4>\n<\/div>\n<div class=\"u-container-style u-layout-cell u-right-cell u-size-38 u-layout-cell-3\">\n<div class=\"u-container-layout u-container-layout-3\">\n<p class=\"u-text u-text-default u-text-1\"><strong><em><span class=\"u-text-palette-1-base\">Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.<\/span><\/em><\/strong><\/p>\n<p class=\"u-text u-text-2\">The objectives for information security incident management should be agreed with management, and it should be ensured that those responsible for information security incident management understand the organization\u2019s priorities for handling information security incidents.<br \/>1) Develop and and communicated adequately within the organization procedures for:<\/p>\n<ul class=\"u-text u-text-3\">\n<li>incident response planning and preparation, including procedures for escalation, controlled recovery from an incident and communication to internal and external people or organizations;\u00a0<\/li>\n<li>monitoring, detecting, analysing and reporting of information security events\/weaknesses and incidents;\u00a0<\/li>\n<li>logging incident management activities.<\/li>\n<\/ul>\n<p class=\"u-text u-text-4\">2) Procedures, including management responsibilities, ensure that:<\/p>\n<ul class=\"u-text u-text-5\">\n<li>competent personnel handle the issues related to information security events and incidents;\u00a0<\/li>\n<li>people are aware of a point of contact for security incidents\u2019 detection and reporting;<\/li>\n<li>appropriate contacts with authorities to handle the information security incidents are maintained.\u00a0\u00a0<\/li>\n<\/ul>\n<p class=\"u-text u-text-6\">3) Reporting procedure:\u00a0<\/p>\n<ul class=\"u-text u-text-7\">\n<li>includes reporting forms ie templates that support the reporting action and help the person reporting to describe all necessary actions in case of an information security event;<\/li>\n<li>describes all necessary activities e.g. noting all details immediately, such as type of non-compliance or breach, occurring malfunction, messages on the screen and reporting to the point of contact;<\/li>\n<li>references to formal disciplinary process for dealing with employees who commit security breaches;\u00a0<\/li>\n<li>describes suitable feedback processes to ensure that those persons reporting information security events are notified of results after the issue has been dealt with and closed.<\/li>\n<\/ul>\n<h4 class=\"u-text u-text-8\"><b>11.1.2 Reporting information security events and weaknesses<\/b><\/h4>\n<p><strong><em><span class=\"u-text-palette-1-base\">Information security events should be reported through appropriate management channels as quickly as possible.<\/span><\/em><\/strong><\/p>\n<ul class=\"u-text u-text-9\">\n<li>Make sure that all employees and contractors are aware of their responsibility to report information security events as quickly as possible and the point of contact to which the events should be reported.\u00a0<\/li>\n<li>Situations to be considered reporting include:<br \/>a) breach of information integrity, confidentiality or availability expectations;<br \/>b) malfunctions of software or hardware as they may be an indicator of a security attack;<br \/>c) any observed or suspected information security weakness in systems or services;<br \/>d) human errors;<br \/>e) access violations<br \/>f) non-compliances with policies or guidelines<br \/>g) breaches of physical security arrangements;<br \/>h) uncontrolled system changes;<br \/>i) ineffective security control.<\/li>\n<\/ul>\n<h4 class=\"u-text u-text-10\"><b>11.1.3 Assessment of information security events<\/b><\/h4>\n<p><strong><em><span class=\"u-text-palette-1-base\">Information security events should be assessed and it should be decided if they are to be classified as information security incidents.<\/span><\/em><\/strong><\/p>\n<ul class=\"u-text u-text-11\">\n<li>Create agreed classification scale that helps to identify the impact and extent of an incident and thereby prioritize them. The point of contact records and assesses each information security event using the scale and decides whether the event should be classified as an information security incident.\u00a0<\/li>\n<li>If the organization has a person responsible for information security, the assessment and decision can be forwarded to this person for confirmation or reassessment<\/li>\n<\/ul>\n<p class=\"u-text u-text-palette-1-base u-text-12\">Read more: 6. Taxonomy Classification in the Common Taxonomy for Law Enforcement and The National Network of CSIRTs,\u00a0<a class=\"u-active-none u-border-none u-btn u-button-link u-button-style u-hover-none u-none u-text-palette-1-base u-btn-1\" href=\"https:\/\/www.europol.europa.eu\/cms\/sites\/default\/files\/documents\/common_taxonomy_for_law_enforcement_and_csirts_v1.3.pdf\">https:\/\/www.europol.europa.eu\/cms\/sites\/default\/files\/documents\/common_taxonomy_for_law_enforcement_and_csirts_v1.3.pdf<\/a><\/p>\n<h4 class=\"u-text u-text-13\"><b>11.1.4 Response to information security incidents<\/b><\/h4>\n<p><strong><em><span class=\"u-text-palette-1-base\">Information security incidents should be responded to in accordance with the procedures.<\/span><\/em><\/strong><\/p>\n<ul class=\"u-text u-text-14\">\n<li>Nominate a point of contact and other relevant persons inside or outside the organization that respond to information security incidents.\u00a0<\/li>\n<li>To respond to incident and initiate the necessary recovery:<br \/>a) collect evidence as soon as possible;<br \/>b) conduct forensics analysis if applicable;<br \/>c) escalate, if required;<br \/>d) ensure that all response activities are logged for later analysis;<br \/>e) communicate the existence of the incident to other internal and external people with a need-to-know;<br \/>f) deal with information security weakness(es) found to cause the incident;<br \/>g) close and record the incident after solving the incident. If necessary, analyse the incident additionally to identify the source of the incident.<\/li>\n<\/ul>\n<h4 class=\"u-text u-text-15\"><b>11.1.5 Learning from information security incidents<\/b><\/h4>\n<p><strong><em><span class=\"u-text-palette-1-base\">Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.<\/span><\/em><\/strong><\/p>\n<ul class=\"u-text u-text-16\">\n<li>Analyse and evaluate continuously the reports of information security incidents by type, volume and cost to identify recurring or high impact incidents.\u00a0<\/li>\n<li>Introduce enhanced or additional controls or review the internal procedures to limit the frequency, damage and cost of future incidents.\u00a0<\/li>\n<li>Include the information of high impact incidents into the user awareness training and explain how to respond to such incidents and how to avoid them in the future.<\/li>\n<\/ul>\n<h4 class=\"u-text u-text-17\"><b>11.1.6 Collection of evidence<\/b><\/h4>\n<p><strong><em><span class=\"u-text-palette-1-base\">The organization should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.<\/span><\/em><\/strong><\/p>\n<ul class=\"u-text u-text-18\">\n<li>For the purposes of disciplinary and legal action, develop and follow internal procedures when dealing with evidence. When collecting evidence, the chain of custody principle should be followed. Chain of custody is a process that tracks the movement of evidence through its collection, safeguarding, and analysis life cycle by documenting each person who handled the evidence, the date and time it was collected or transferred, and the purpose for the transfer.\u00a0<\/li>\n<li>When an information security event is detected, it may not be obvious whether or not the event will result in court action. Therefore, the danger exists that necessary evidence is destroyed intentionally or accidentally before the seriousness of the incident is realized. It is advisable to involve police or CERT Tonga early in any action.\u00a0<\/li>\n<li>In case forensic evidence transcends organizational or jurisdictional boundaries, contact CERT Tonga and ensure that the organization or person is entitled to collect the required information as forensic evidence and the internationally acknoledged requirements are followed.<\/li>\n<\/ul>\n<p><img decoding=\"async\" class=\"u-align-center u-image u-image-default u-image-1\" src=\"https:\/\/tonga.ega.ee\/images\/tongatoofail-05.jpg\" alt=\"\" data-image-width=\"1449\" data-image-height=\"588\" \/><\/p>\n<p class=\"u-align-center u-text u-text-palette-1-base u-text-19\" style=\"text-align: center;\">Figure 5: Forensic process according to NIST Special Publication 800-86.<\/p>\n<p class=\"u-text u-text-20\">Read more:<\/p>\n<p><span class=\"u-text-palette-1-base\">Appendix A, NIST Special Publication 800-<\/span><span class=\"u-text-palette-1-base\">86 <\/span><\/p>\n<ul>\n<li><span class=\"u-text-palette-1-base\"><a class=\"u-active-none u-border-none u-btn u-button-link u-button-style u-hover-none u-none u-text-palette-1-base u-btn-2\" href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-86.pdf\">https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-86.pdf<\/a><\/span><\/li>\n<\/ul>\n<ul class=\"u-text u-text-21\">\n<li><a class=\"u-active-none u-border-none u-btn u-button-link u-button-style u-hover-none u-none u-text-palette-1-base u-btn-3\" href=\"https:\/\/www.geeksforgeeks.org\/chain-of-custody-digital-forensics\/\">https:\/\/www.geeksforgeeks.org\/chain-of-custody-digital-forensics\/<\/a><\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/section>\n<footer id=\"sec-44c0\" class=\"u-align-center u-clearfix u-footer u-grey-80 u-footer\"><\/footer>    <\/div>\n<\/div>\n<!-- \/module text -->\n\t        <\/div>\n\t    \t<\/div>\n\t\t    <\/div>\n\t    <!-- \/row_inner -->\n\t<\/div>\n\t<!-- \/module_row -->\n\t<\/div>\n\n\n","protected":false},"excerpt":{"rendered":"<p>11. Information security incident management\u00a0 11.1 Management of information security incidents and improvements Figure 4: Incident management flow according to ITIL Service Operation manual 2011. \u00a0 11.1.1 Responsibilities and procedures Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents. The objectives for information security incident [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-120","page","type-page","status-publish","hentry","has-post-title","has-post-date","has-post-category","has-post-tag","has-post-comment","has-post-author",""],"builder_content":"<h4><b>11. Information security incident management<\/b>\u00a0<\/h4>\n<h4><b>11.1 Management of information security incidents and improvements<\/b><\/h4>\n<img loading=\"lazy\" decoding=\"async\" width=\"857\" height=\"1223\" src=\"http:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11.jpg\" title=\"11\" alt=\"11\" srcset=\"https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11.jpg 857w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-210x300.jpg 210w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-718x1024.jpg 718w, https:\/\/tcm.gov.to\/wp-content\/uploads\/2022\/04\/11-768x1096.jpg 768w\" sizes=\"auto, (max-width: 857px) 100vw, 857px\" \/>\n<section id=\"sec-6bb3\">\n<p style=\"text-align: center;\">Figure 4: Incident management flow according to ITIL Service Operation manual 2011.<\/p>\n<\/section> <section id=\"carousel_b3ba\">\n\u00a0\n<h4><b>11.1.1 Responsibilities and procedures<\/b><\/h4>\n<p><strong><em>Management responsibilities and procedures should be established to ensure a quick, effective and orderly response to information security incidents.<\/em><\/strong><\/p> <p>The objectives for information security incident management should be agreed with management, and it should be ensured that those responsible for information security incident management understand the organization\u2019s priorities for handling information security incidents.<br \/>1) Develop and and communicated adequately within the organization procedures for:<\/p> <ul> <li>incident response planning and preparation, including procedures for escalation, controlled recovery from an incident and communication to internal and external people or organizations;\u00a0<\/li> <li>monitoring, detecting, analysing and reporting of information security events\/weaknesses and incidents;\u00a0<\/li> <li>logging incident management activities.<\/li> <\/ul> <p>2) Procedures, including management responsibilities, ensure that:<\/p> <ul> <li>competent personnel handle the issues related to information security events and incidents;\u00a0<\/li> <li>people are aware of a point of contact for security incidents\u2019 detection and reporting;<\/li> <li>appropriate contacts with authorities to handle the information security incidents are maintained.\u00a0\u00a0<\/li> <\/ul> <p>3) Reporting procedure:\u00a0<\/p> <ul> <li>includes reporting forms ie templates that support the reporting action and help the person reporting to describe all necessary actions in case of an information security event;<\/li> <li>describes all necessary activities e.g. noting all details immediately, such as type of non-compliance or breach, occurring malfunction, messages on the screen and reporting to the point of contact;<\/li> <li>references to formal disciplinary process for dealing with employees who commit security breaches;\u00a0<\/li> <li>describes suitable feedback processes to ensure that those persons reporting information security events are notified of results after the issue has been dealt with and closed.<\/li> <\/ul> <h4><b>11.1.2 Reporting information security events and weaknesses<\/b><\/h4> <p><strong><em>Information security events should be reported through appropriate management channels as quickly as possible.<\/em><\/strong><\/p> <ul> <li>Make sure that all employees and contractors are aware of their responsibility to report information security events as quickly as possible and the point of contact to which the events should be reported.\u00a0<\/li> <li>Situations to be considered reporting include:<br \/>a) breach of information integrity, confidentiality or availability expectations;<br \/>b) malfunctions of software or hardware as they may be an indicator of a security attack;<br \/>c) any observed or suspected information security weakness in systems or services;<br \/>d) human errors;<br \/>e) access violations<br \/>f) non-compliances with policies or guidelines<br \/>g) breaches of physical security arrangements;<br \/>h) uncontrolled system changes;<br \/>i) ineffective security control.<\/li> <\/ul> <h4><b>11.1.3 Assessment of information security events<\/b><\/h4> <p><strong><em>Information security events should be assessed and it should be decided if they are to be classified as information security incidents.<\/em><\/strong><\/p> <ul> <li>Create agreed classification scale that helps to identify the impact and extent of an incident and thereby prioritize them. The point of contact records and assesses each information security event using the scale and decides whether the event should be classified as an information security incident.\u00a0<\/li> <li>If the organization has a person responsible for information security, the assessment and decision can be forwarded to this person for confirmation or reassessment<\/li> <\/ul> <p>Read more: 6. Taxonomy Classification in the Common Taxonomy for Law Enforcement and The National Network of CSIRTs,\u00a0<a href=\"https:\/\/www.europol.europa.eu\/cms\/sites\/default\/files\/documents\/common_taxonomy_for_law_enforcement_and_csirts_v1.3.pdf\">https:\/\/www.europol.europa.eu\/cms\/sites\/default\/files\/documents\/common_taxonomy_for_law_enforcement_and_csirts_v1.3.pdf<\/a><\/p> <h4><b>11.1.4 Response to information security incidents<\/b><\/h4> <p><strong><em>Information security incidents should be responded to in accordance with the procedures.<\/em><\/strong><\/p> <ul> <li>Nominate a point of contact and other relevant persons inside or outside the organization that respond to information security incidents.\u00a0<\/li> <li>To respond to incident and initiate the necessary recovery:<br \/>a) collect evidence as soon as possible;<br \/>b) conduct forensics analysis if applicable;<br \/>c) escalate, if required;<br \/>d) ensure that all response activities are logged for later analysis;<br \/>e) communicate the existence of the incident to other internal and external people with a need-to-know;<br \/>f) deal with information security weakness(es) found to cause the incident;<br \/>g) close and record the incident after solving the incident. If necessary, analyse the incident additionally to identify the source of the incident.<\/li> <\/ul> <h4><b>11.1.5 Learning from information security incidents<\/b><\/h4> <p><strong><em>Knowledge gained from analysing and resolving information security incidents should be used to reduce the likelihood or impact of future incidents.<\/em><\/strong><\/p> <ul> <li>Analyse and evaluate continuously the reports of information security incidents by type, volume and cost to identify recurring or high impact incidents.\u00a0<\/li> <li>Introduce enhanced or additional controls or review the internal procedures to limit the frequency, damage and cost of future incidents.\u00a0<\/li> <li>Include the information of high impact incidents into the user awareness training and explain how to respond to such incidents and how to avoid them in the future.<\/li> <\/ul> <h4><b>11.1.6 Collection of evidence<\/b><\/h4> <p><strong><em>The organization should define and apply procedures for the identification, collection, acquisition and preservation of information, which can serve as evidence.<\/em><\/strong><\/p> <ul> <li>For the purposes of disciplinary and legal action, develop and follow internal procedures when dealing with evidence. When collecting evidence, the chain of custody principle should be followed. Chain of custody is a process that tracks the movement of evidence through its collection, safeguarding, and analysis life cycle by documenting each person who handled the evidence, the date and time it was collected or transferred, and the purpose for the transfer.\u00a0<\/li> <li>When an information security event is detected, it may not be obvious whether or not the event will result in court action. Therefore, the danger exists that necessary evidence is destroyed intentionally or accidentally before the seriousness of the incident is realized. It is advisable to involve police or CERT Tonga early in any action.\u00a0<\/li> <li>In case forensic evidence transcends organizational or jurisdictional boundaries, contact CERT Tonga and ensure that the organization or person is entitled to collect the required information as forensic evidence and the internationally acknoledged requirements are followed.<\/li> <\/ul> <p><img decoding=\"async\" src=\"https:\/\/tonga.ega.ee\/images\/tongatoofail-05.jpg\" alt=\"\" data-image-width=\"1449\" data-image-height=\"588\" \/><\/p> <p style=\"text-align: center;\">Figure 5: Forensic process according to NIST Special Publication 800-86.<\/p> <p>Read more:<\/p> <p>Appendix A, NIST Special Publication 800-86 <\/p> <ul> <li><a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-86.pdf\">https:\/\/nvlpubs.nist.gov\/nistpubs\/legacy\/sp\/nistspecialpublication800-86.pdf<\/a><\/li> <\/ul> <ul> <li><a href=\"https:\/\/www.geeksforgeeks.org\/chain-of-custody-digital-forensics\/\">https:\/\/www.geeksforgeeks.org\/chain-of-custody-digital-forensics\/<\/a><\/li> <\/ul>\n<\/section> <footer id=\"sec-44c0\"><\/footer>","_links":{"self":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=120"}],"version-history":[{"count":8,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/120\/revisions"}],"predecessor-version":[{"id":270,"href":"https:\/\/tcm.gov.to\/index.php?rest_route=\/wp\/v2\/pages\/120\/revisions\/270"}],"wp:attachment":[{"href":"https:\/\/tcm.gov.to\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}