Report Security Incidents
A security incident is an identified occurrence or weakness indicating a possible breach of security policies or failure of safeguards, or a previously unknown situation which may be security relevant.
Incident response is the reaction to an identified occurrence, whereby responders classify, investigate, and contain the incident.
Main Provisions
It is the responsibility of each Alpha Serve employee or contractor to report perceived security incidents to the appropriate supervisor or security person.
End-users of the application are responsible for formally reporting all security incidents or violations of the security policy immediately to Alpha Serve support.
Reports of security incidents shall be escalated as quickly as possible. Each incident will be analyzed to determine if changes in the existing security structure are necessary. All reported incidents are logged and the remedial action indicated, including the risk level.
Security breaches shall be promptly investigated based on the risk level.
Incident Response Plan
The purpose of this Incident Response Plan is to allow Alpha Serve to respond quickly and appropriately to information security incidents.
An incident is any observable occurrence in a system, network, environment, process, workflow, or personnel. It may or may not be negative in nature, but it definitely has a negative consequence.
This Plan only applies to adverse events that are computer security related, not those caused by natural disasters, power failures, etc.
Alpha Serve recognizes that, despite reasonable and competent efforts to protect applications and data, a breach or other loss of information is possible. We will make reasonable efforts and act competently to respond to a potential incident in a way that reduces the loss of information and potential harm to customers, partners, and the organization itself.
Alpha Serve’s Incident Response Framework consists of 6 phases that ensure a consistent and systematic approach.
Preparation
The responsible team members are defined together with appropriate lines of communication. We have articulated services necessary to support response activities, and procured the necessary tools.
Identification and Assessment
An incident is identified and an assessment is conducted to confirm the existence of the incident. The assessment should include determining the scope, impact, and extent of the damage caused by the incident. In the event of possible legal action, digital evidence will be preserved, and forensic analysis may be conducted consistent with legislative and legal requirements.
Containment and Intelligence
Containment of the incident is necessary to minimize and isolate the damage caused. Necessary steps will be taken to ensure that the scope of the incident does not spread to include other systems and resources. This phase may require expertise from outside parties, which will be engaged by Alpha Serve.
Eradication
Eradication requires removal or addressing of all components and symptoms of the incident. Further, validation will be performed to ensure the incident does not reoccur.
Recovery
Recovery involves the steps required to restore data and systems to a healthy working state, allowing business operations to resume.
Lessons Learned
The Lessons Learned phase includes post-incident analysis of the system(s) that were impacted by the incident and other potentially vulnerable systems. Lessons learned from the incident are communicated to the team, and action plans are developed to improve future incident management practices and reduce risk exposure.