Overview

This Alpha Serve internal procedure describes how to handle information security incidents so as to minimize their impact on the confidentiality, integrity, and availability of systems, applications, and data. An effective approach to managing such incidents also limits the negative consequences to relevant parties and improves the ability of Alpha Serve to restore operations affected by such incidents.

Goals

The goals of establishing a successful incident management procedure include the following:

  1. Mitigating the impact of security incidents on systems, applications and customers;

  2. Identifying the sources and underlying causes of such security incidents and unauthorized disclosures in order to reduce their future likelihood of occurrence;

  3. Protecting, preserving, and making usable all information regarding the incident or disclosure as necessary for analysis and notification;

  4. Ensuring that all parties are aware of their responsibilities regarding the handling of such system security incidents;

  5. Protecting the reputation of Alpha Serve as an Atlassian Marketplace Partner.

Incident Definition

An application security incident is any actual or suspected:

  • Unauthorized access, use, disclosure, modification, or destruction of information;

  • Interference with information technology operation;

  • Violation of explicit security policy by any party;

  • Compromised user accounts;

  • Unauthorized access to, or use of, systems, software, or data;

  • Unauthorized changes to systems, software, or data.

...

Procedure Instructions

Incident Detection and Impact Assessment

Every detected incident should be evaluated by the person who discovered it in terms of potential impact:

...

Based on the primary evaluation, the recoverability efforts are defined and documented.

Incident Reporting and Escalation

Each employee, temporary worker and contractor must report actual or suspected application security incidents to their supervisor as soon as possible so that work can begin to assess, investigate and resolve them.

...

If the incident poses any kind of immediate danger, the Alpha Serve CEO should be informed immediately by email and telephone. Only the CEO can be responsible for the final risk evaluation and for further decisions on communication with customers (if affected) and Shopify (if relevant).

Incident Resolution and Post-Incident Review

Based on the information in the incident report, the supervisor and/or the Alpha Serve management team define the further process of incident resolution and create tasks and assignments with due dates for the relevant team members.

...