Page Comparison

...

The incident manager is responsible for managing the response to a security incident as defined in the incident response summary table.

Implementing Procedures

Reporting Security incidents
Any member of staff at Chemwatch must report any suspected incident to I.T. managers.
Responding to Security Incidents
1. Incident Severity
  Incident response will be managed based on the level of severity of the incident. The level of severity is a measure of its impact on or threat to the operation or integrity of the company and its information. Four levels of incident severity will be used to guide incident response: high, medium, low, and NA (Not Applicable).
  1. High
    The severity of a security incident will be considered "high " if any of the following conditions exist:
    1. Threatens to have a significant adverse impact on a large number of systems and/or people (for example, the entire company is affected)
    2. Threatens confidential data
    3. Adversely impacts our enterprise system or service critical to our operations.
  2. Medium
    The severity of a security incident will be considered "medium" if any of the following conditions exist:
    1. Adversely impacts a moderate number of systems and/or people.
    2. Adversely impacts a non-critical enterprise system or service
    3. Adversely impacts a departmental system or service, such as a file server
    4. Disrupts a building network
  3. Low
    Low severity incidents have the following characteristics:
    1. Adversely impacts a very small number of systems or individuals
    2. Disrupts a very small number of network devices or segments
  4. NA (Not Applicable)
    This is used for events reported as a suspected IT security incident but upon investigation of the suspicious activity, no evidence of a security incident is found.
2. Incident Response Summary Table
  The following table summarizes the handling of IT security incidents based on incident severity, including response time, the responsible incident managers, and notification and reporting requirements. Check /wiki/spaces/CW/pages/27950367 on Levels of security issues. If client data is compromised at any level, affected clients should be notified within 24 hours.

Incident Severity	Levels	Characteristics (one or more condition present determines the severity)	Response Time	Incident Manager	Risk Controls	Who to Notify	Post-Incident Report Required*
High	5,4	Threatens to have a significant adverse impact on a large number of systems and/or people (for example, the entire company is affected) Threatens confidential data Adversely impacts our enterprise system or service critical to our operations.	2 hours since identification	One of 3 Senior I.T. managers	Restrict access to the system and data until resolved.	Other I.T. staff Customer Service Technical support/helpdesk staff All department heads	Yes
Medium	3,2	Adversely impacts a moderate number of systems and/or people. Adversely impacts a non-critical enterprise system or service Adversely impacts a departmental system or service, such as a file server Disrupts a building network	4 hours	One of 3 Senior I.T. managers	Consider restricting access to the system and data until resolved.	Other I.T. staff Customer Service Technical support/helpdesk staff All department heads	Yes
Low	1	Adversely impacts a very small number of systems or individuals Disrupts a very small number of network devices or segments	Next business day	One of 3 Senior I.T. managers	None	Affected individuals	No
N/A	"Not Applicable" - used for suspicious activities which upon investigation are determined not to be an IT security incident.

Versions Compared

Old Version 13

New Version 14

Key

Implementing Procedures