
Incident definition

  • Definition: An incident is an unplanned, disruptive event or failure that affects the software’s performance, functionality, security or availability, or that manifests as abnormal activity. Incidents often require immediate attention to mitigate their impact.

  • Nature: Always unplanned and may involve a significant disruption or risk.

  • Example:

    • A critical bug in production that causes an application to crash or stop functioning.

    • A security breach in the software, such as a vulnerability being exploited by external parties.

    • Server downtime or a system outage that affects end-users.

  • Focus: The immediate focus of an incident is on fixing the problem (incident resolution), investigating the root cause, and implementing measures to prevent future occurrences (incident management).

  • Team: The Incident Response Team (IRT)

Incident Management process definition

The Process responsible for managing the life cycle of all Incidents. The primary Objective of Incident Management is to return the IT Service to Users as quickly as possible.

Incident organisation

To see which employees hold the various roles, see https://cxschool.atlassian.net/wiki/spaces/GD/pages/57114637

Entity / External System Incidents / Internal System Incidents

  • Incident Response Team (IRT): IRM, SO, IT OPM, SAM

  • Incident Handling Team (IHT): Other resources needed to handle the Incident (for both external and internal system incidents)

IRT - Roles and Responsibilities

Role / Description / Responsibility

  • Customer

    • Description: Anyone who reports an error in any of our products; can be from Support, Business or from the customer.

    • Responsibility: Report the incident to the IT Operation Manager in writing, and also by phone if it is a critical error.

  • IT Operation Manager/IRT

    • Description: IT Operation / IRT

    • Responsibility: Diagnose and classify the scope of the incident; fix and close the error if possible. Notify the customer when done.

  • System architect / Lead Developer

    • Description: System architect for the affected product/system. The system architect might need to involve Lead Development if needed.

  • OSD

    • Description: Orient Software Development working with the affected system.

Incident process

...

Roles and responsibilities

Incident Response Manager (IRM)

The Incident Response Manager oversees and prioritizes actions during the detection, analysis, and containment of an incident. They are also responsible for conveying the special requirements of high-severity incidents to the rest of the organization, as well as communicating potential impact to upper management. Additionally, they are responsible for understanding the service level agreements (SLAs) in place with third parties, and the role third parties may play in specific response scenarios.

Further responsibilities:

  • Act as a liaison for all communications to and from the upper management.

  • Ensure personnel tasked with incident response responsibilities are trained and knowledgeable on how to respond to incidents.

  • Update Plan and procedures as needed based on results from testing, incident response lessons learned, industry developments and best practices.

  • Review the Plan and procedures at least annually.

  • Initiate tests of the Plan and procedures at least annually.

  • Ensure team activities comply with legal and industry requirements for incident response procedures.

  • Be aware of contact mechanisms, and when to include providers.

Incident Handling Team Members (IHT)

The Incident Response Manager (IRM) is supported by a team of technical staff who work directly with the affected information systems to research the time, location, and details of an incident. Team members typically include subject matter experts (SMEs), senior-level IT staff, third parties, and outsourced security or forensic partners.

Further responsibilities:

  • Assist in incident response as requested. IRT responsibilities should take priority over normal duties.

  • Understand incident response plan and procedures to appropriately respond to an incident.

  • Continue to develop skills for incident response management.

  • Ensure tools are properly configured and managed to alert on security incidents/events.

  • Analyze network traffic for signs of denial of service, distributed denial of service, or other external attacks.

  • Review log files of critical systems for unusual activity.

  • Monitor business applications and services for signs of attack.

  • Collect pertinent information regarding incidents at the request of the Incident Response Manager.

  • Consult with qualified information security staff for advice when needed.

  • Ensure evidence gathering, chain of custody and preservation is appropriate.

  • Participate in tests of the incident response plan and procedures.

  • Be knowledgeable of service level agreements with service providers in relation to incident response.

Notification and Communication

Required notification and communication both internally and with third parties (customers, vendors, law enforcement, etc.) based on legal, regulatory, and contractual requirements must take place in a timely manner.

  • The Incident Response Manager must report the incident to the senior leadership.

  • The senior leadership must report any potential breaches and/or incidents involving customer data to the Security Incident Handling Team (SIHT) promptly.

  • All employees who become aware of or suspect an incident must start filling in the incident form and notify the IRT.

  • The IRT is responsible for appropriate notification to:

    • Personnel,

    • Affected customers and/or partners (within 48 hours, or within the period required by Service Level Agreements or legal/regulatory compliance, whichever is shorter),

    • Government bodies or officials as required by applicable statutes and/or regulations.

...

The SIRT consists of IT management and experienced personnel. The role of the SIRT is to handle an incident promptly so that containment, investigation, and recovery can occur quickly. Where third-party services are leveraged, ensure they are engaged as necessary.

Roles and Responsibilities


Security Incident Handling Team (SIHT)

  • Consists of legal experts, risk managers, and other department managers that may be consulted or notified during incident response.

  • Advise on incident response activities relevant to their area of expertise.

  • Maintain a general understanding of the Plan and policies of the organization.

  • Ensure incident response activities are in accordance with legal, contractual, and regulatory requirements.

  • Participate in tests of the incident response plan and procedures.

  • Responsible for internal and external communications pertaining to security incidents.

Escalation Procedure

The escalation procedure shall follow the BIL classification.

...