Purpose

This policy governs the actions required for reporting or responding to security incidents involving Chemwatch information technology resources to ensure effective and consistent reporting and handling of such events.


Scope

This policy applies to all employees using Chemwatch information technology resources or data.


Policy

Incident response will be handled appropriately based on the type and severity of the incident in accordance with the Incident Response Summary Table below. 


Roles and Responsibilities

The incident manager is responsible for managing the response to a security incident as defined in the incident response summary table.


Implementing Procedures

  1. Reporting Security Incidents
    Any member of staff at Chemwatch must report any suspected incident to I.T. managers.


  2. Responding to Security Incidents
    1. Incident Severity
      Incident response will be managed based on the level of severity of the incident. The level of severity is a measure of its impact on or threat to the operation or integrity of the company and its information. Four levels of incident severity will be used to guide incident response: high, medium, low, and NA (Not Applicable).

      1. High
        The severity of a security incident will be considered "high" if any of the following conditions exist:
        1. Threatens to have a significant adverse impact on a large number of systems and/or people (for example, the entire company is affected)
        2. Threatens confidential data 
        3. Adversely impacts our enterprise system or service critical to our operations.

      2. Medium
        The severity of a security incident will be considered "medium" if any of the following conditions exist:
        1. Adversely impacts a moderate number of systems and/or people.
        2. Adversely impacts a non-critical enterprise system or service
        3. Adversely impacts a departmental system or service, such as a file server
        4. Disrupts a building network

      3. Low
        Low severity incidents have the following characteristics:
        1. Adversely impacts a very small number of systems or individuals
        2. Disrupts a very small number of network devices or segments

      4. NA (Not Applicable)
        This is used for events reported as a suspected IT security incident where, upon investigation of the suspicious activity, no evidence of a security incident is found.





    2. Incident Response Summary Table
      The following table summarizes the handling of IT security incidents based on incident severity, including response time, the responsible incident managers, and notification and reporting requirements. See /wiki/spaces/CW/pages/27950367 for Levels of security issues.


| Incident Severity | Levels | Characteristics (one or more conditions present determine the severity) | Response Time | Incident Manager | Risk Controls | Who to Notify | Post-Incident Report Required* |
| --- | --- | --- | --- | --- | --- | --- | --- |
| High | 5, 4 | 1. Threatens to have a significant adverse impact on a large number of systems and/or people (for example, the entire company is affected); 2. Threatens confidential data; 3. Adversely impacts our enterprise system or service critical to our operations. | 2 hours since identification | One of 3 Senior I.T. managers | 1. Restrict access to the system and data until resolved. | 1. Other I.T. staff; 2. Customer Service; 3. Technical support/helpdesk staff; 4. All department heads | Yes |
| Medium | 3, 2 | 1. Adversely impacts a moderate number of systems and/or people; 2. Adversely impacts a non-critical enterprise system or service; 3. Adversely impacts a departmental system or service, such as a file server; 4. Disrupts a building network | 4 hours | One of 3 Senior I.T. managers | 1. Consider restricting access to the system and data until resolved. | 1. Other I.T. staff; 2. Customer Service; 3. Technical support/helpdesk staff; 4. All department heads | Yes |
| Low | 1 | 1. Adversely impacts a very small number of systems or individuals; 2. Disrupts a very small number of network devices or segments | Next business day | One of 3 Senior I.T. managers | None | 1. Affected individuals | No |
| N/A | | "Not Applicable" - used for suspicious activities which upon investigation are determined not to be an IT security incident. | | | | | |


