All n One - Security - Incident Notification

From All n One's bxp software Wixi


1 Incident Management

Computer security incident management involves the monitoring and detection of security events on a computer or computer network and the execution of proper responses to those events. Computer security incident management is a specialized form of incident management, the primary purpose of which is the development of a well-understood and predictable response to damaging events and computer intrusions.


2 Events

An event is an observable change in the normal behaviour of a system, environment, process, workflow or person (components). There are three basic types of events:

Normal – a normal event does not affect critical components or require change controls prior to the implementation of a resolution. Normal events do not require the participation of senior personnel or management notification of the event.

Escalation – an escalated event affects critical production systems or requires implementation of a resolution that must follow a change control process. Escalated events require the participation of senior personnel and stakeholder notification of the event.

Emergency – an emergency is an event which may: impact the health or safety of human beings; breach primary controls of critical systems; materially affect component performance or, because of impact to component systems, prevent activities which protect, or may affect, the health or safety of individuals; or be deemed an emergency as a matter of policy or by declaration by the available incident coordinator. Computer security and information technology personnel must handle emergency events according to a well-defined computer security incident response plan.


3 Incident Report Process

1. Employee, vendor, customer, partner, device or sensor reports event to Security team.

2. Prior to creating the ticket, the security team may filter the event as a false positive. Otherwise, the security team creates a ticket that captures the event, event source, initial event severity and event priority.

3. Clients are then notified of the loss of service by our contact team while the security team investigates.

4. Depending on the type of incident, we will report at regular intervals to keep all clients updated on the situation.

5. Within 2 working days of the outage, the bxp Solution team will send clients a detailed report on what caused the outage and the impact it may have had (e.g. data loss).


4 Incident Report Considered Factors

Financial damage

How much financial damage resulted from an exploit? Less than the cost to fix the vulnerability, minor effect on annual profit, significant effect on annual profit, bankruptcy.

Reputation damage

Would an exploit result in reputation damage that would harm the business? Minimal damage, loss of major accounts, loss of goodwill, brand damage.

Non-compliance

How much exposure does non-compliance introduce? Minor violation, clear violation, high profile violation.

Privacy violation

How much personally identifiable information could be disclosed? One individual, hundreds of people, thousands of people, millions of people.
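The following is an added worked example, not part of the original wiki page or of bxp software itself. It encodes the three event tiers from section 2 (normal, escalation, emergency) and the four considered factors from section 4 as a small triage helper: an event is classified by the page's criteria, the factor answers are turned into an impact score, and the result is the ticket described in step 2 of the report process (event, source, severity, priority) or nothing if the security team has filtered the event as a false positive. The ordinal scoring of the factor answers, the severity thresholds, the P1/P2/P3 priority labels and the `Event` field names are all assumptions of this example; the page gives no numeric values.

```python
from dataclasses import dataclass

# Event tiers as defined in section 2 of the page.
NORMAL, ESCALATION, EMERGENCY = "normal", "escalation", "emergency"

# Answer options for each considered factor, copied in the page's order.
# Assumption: the position of an answer in its list is its ordinal level.
FACTOR_LEVELS = {
    "financial_damage": ["less than the cost to fix", "minor effect on annual profit",
                         "significant effect on annual profit", "bankruptcy"],
    "reputation_damage": ["minimal damage", "loss of major accounts",
                          "loss of goodwill", "brand damage"],
    "non_compliance": ["minor violation", "clear violation", "high profile violation"],
    "privacy_violation": ["one individual", "hundreds of people",
                          "thousands of people", "millions of people"],
}

# Who must be involved per tier, as stated on the page (field names are assumptions).
NOTIFY = {
    NORMAL: [],
    ESCALATION: ["senior personnel", "stakeholders"],
    EMERGENCY: ["senior personnel", "stakeholders", "incident coordinator"],
}


@dataclass
class Event:
    """A reported event (step 1: employee, vendor, customer, partner, device or sensor)."""
    source: str
    description: str
    affects_critical_components: bool = False   # escalation criterion
    requires_change_control: bool = False       # escalation criterion
    health_or_safety_risk: bool = False         # emergency criterion
    breaches_primary_controls: bool = False     # emergency criterion
    declared_emergency: bool = False            # policy / coordinator declaration
    false_positive: bool = False                # security team's step-2 filter


def classify_event(ev: Event) -> str:
    """Map an event to a tier, testing the most severe criteria first."""
    if ev.health_or_safety_risk or ev.breaches_primary_controls or ev.declared_emergency:
        return EMERGENCY
    if ev.affects_critical_components or ev.requires_change_control:
        return ESCALATION
    return NORMAL


def impact_score(answers: dict) -> float:
    """Average the normalised (0.0 to 1.0) ordinal level of every answered factor."""
    levels = []
    for factor, answer in answers.items():
        options = FACTOR_LEVELS[factor]
        if answer not in options:
            raise ValueError(f"unknown answer {answer!r} for factor {factor!r}")
        levels.append(options.index(answer) / (len(options) - 1))
    return round(sum(levels) / len(levels), 2) if levels else 0.0


def open_ticket(ev: Event, answers: dict):
    """Step 2: filter false positives, otherwise capture the event in a ticket."""
    if ev.false_positive:
        return None
    tier = classify_event(ev)
    score = impact_score(answers)
    # Assumed thresholds: tier never lowers severity, impact score can raise it.
    if tier == EMERGENCY or score >= 0.67:
        severity = "high"
    elif tier == ESCALATION or score >= 0.34:
        severity = "medium"
    else:
        severity = "low"
    priority = {EMERGENCY: "P1", ESCALATION: "P2", NORMAL: "P3"}[tier]
    return {
        "event": ev.description,
        "source": ev.source,
        "tier": tier,
        "impact_score": score,
        "severity": severity,
        "priority": priority,
        "notify": NOTIFY[tier],
    }


# Constructed sample: a monitoring sensor reports a client-portal database outage.
SAMPLE_EVENT = Event(
    source="sensor",
    description="client portal database unreachable",
    affects_critical_components=True,
)
SAMPLE_ANSWERS = {
    "financial_damage": "minor effect on annual profit",
    "reputation_damage": "loss of major accounts",
    "non_compliance": "minor violation",
    "privacy_violation": "hundreds of people",
}

if __name__ == "__main__":
    print(open_ticket(SAMPLE_EVENT, SAMPLE_ANSWERS))
```

The ordering in `classify_event` matters: an event that both affects critical components and breaches primary controls is an emergency, not an escalation, so the emergency criteria are tested first. The constructed sample is an escalation with a modest impact score, so it is ticketed as medium severity, P2, with senior personnel and stakeholders notified; flipping `false_positive` to `True` returns no ticket at all, which is the step-2 filter on the page.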