Overview
This Alpha Serve internal procedure is to handle information security incidents so as to minimize their impact on the confidentiality, integrity, and availability of the systems, applications, and data. An effective approach to managing such incidents also limits the negative consequences to relevant parties and improves the ability of Alpha serve to restore operations affected by such incidents.
Goals
The goals of establishing a successful incident management procedure include the following:
Mitigating the impact of security incidents on systems, applications and customers;
Identifying the sources and underlying causes of such security incidents and unauthorized disclosures in order to reduce their future likelihood of occurrence;
Protecting, preserving, and making usable all information regarding the incident or disclosure as necessary for analysis and notification.
Ensuring that all parties are aware of their responsibilities regarding such system security incident handling.
Protecting the reputation of Alpha Serve as Atlassian Marketplace Partner.
Incident Definition
An application security incident is, actual or suspected:
Unauthorized access, use, disclosure, modification, or destruction of information;
Interference with information technology operation;
Violation of explicit security policy by any party;
Compromised user accounts;
Unauthorized access to, or use of, systems, software, or data;
Unauthorized changes to systems, software, or data.
Step-by-Step Instructions
Each employee, temporary worker and contractor must report their supervisor on actual or suspected application security incidents as soon as possible so that work can begin to assess, investigate and resolve them.
If the incident poses any kind of immediate danger, the Alpha Serve CEO should be informed immediately by email and telephone.