Differences

about:irp [2026/01/07 11:22] – [5.2 Containment] miguel
about:irp [2026/01/07 11:23] (current) miguel
Line 14: Line 14:
 - All data processed by the service, including personal data - All data processed by the service, including personal data
 - All administrators and personnel with access to systems - All administrators and personnel with access to systems
 +
 ## 3. Definitions ## 3. Definitions
  
Line 30: Line 31:
 - Credential compromise - Credential compromise
 - Defacement or unauthorised modification of wiki content - Defacement or unauthorised modification of wiki content
 +
 ## 4. Roles and Responsibilities ## 4. Roles and Responsibilities
  
Line 86: Line 88:
  
 **Actions**: **Actions**:
 +
 - Identify and patch vulnerabilities - Identify and patch vulnerabilities
 - Remove malware or unauthorised access mechanisms - Remove malware or unauthorised access mechanisms
Line 97: Line 100:
  
 **Actions**: **Actions**:
 +
 1. Restore systems from clean backups if necessary 1. Restore systems from clean backups if necessary
 2. Verify system integrity before returning to production 2. Verify system integrity before returning to production
Line 108: Line 112:
  
 **Actions** (within 5 business days of resolution): **Actions** (within 5 business days of resolution):
 +
 1. Conduct a post-mortem meeting 1. Conduct a post-mortem meeting
 2. Document timeline, root cause, and response effectiveness 2. Document timeline, root cause, and response effectiveness
Line 113: Line 118:
 4. Update procedures, configurations, or monitoring as needed 4. Update procedures, configurations, or monitoring as needed
 5. Archive incident record 5. Archive incident record
 +
 +
 ## 6. Severity Classification ## 6. Severity Classification
  
 ^ Severity ^ Description ^ Response Time ^ Examples ^ ^ Severity ^ Description ^ Response Time ^ Examples ^
-**Critical** | Major breach, data exfiltration, complete service outage | Immediate (< 1 day) | Database compromise, ransomware, mass data leak | +| *Critical* | Major breach, data exfiltration, complete service outage | Immediate (< 1 day) | Database compromise, ransomware, mass data leak | 
-**High** | Significant impact, potential data exposure, partial outage | < 2 day | Admin account compromise, targeted attack, authentication bypass | +| *High* | Significant impact, potential data exposure, partial outage | < 2 day | Admin account compromise, targeted attack, authentication bypass | 
-**Medium** | Limited impact, contained threat, degraded service | < 1 week | Single account compromise, failed intrusion attempt, suspicious activity | +| *Medium* | Limited impact, contained threat, degraded service | < 1 week | Single account compromise, failed intrusion attempt, suspicious activity | 
-**Low** | Minimal impact, near miss, policy violation | < 2 weeks | Misconfiguration detected, minor policy breach, spam |+| *Low* | Minimal impact, near miss, policy violation | < 2 weeks | Misconfiguration detected, minor policy breach, spam |
  
 ## 7. GDPR Breach Notification ## 7. GDPR Breach Notification
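Review bot: the leading `|` added to each severity row is the actual fix in this hunk; without it the line is not parsed as a table row, so the four data rows were rendered as loose text under the `^ Severity ^ Description ^ Response Time ^ Examples ^` header instead of as cells. The change from `**Critical**` to `*Critical*` (and likewise for High, Medium and Low) looks unintended and is unrelated to the table fix: a double-asterisk pair renders bold, a single pair renders italic in Markdown and is not an emphasis marker at all in native DokuWiki syntax, so the severity labels lose their bold emphasis either way. Suggest keeping `| **Critical** | Major breach, ... |` with the leading pipe and the original bold markup. While touching these rows, `< 2 day` in the High row should read `< 2 days` to match `< 1 week` and `< 2 weeks` in the rows below.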
Line 130: Line 137:
  
 **Report to**: **Report to**:
 +
 - FDPIC (Switzerland): https://www.edoeb.admin.ch - FDPIC (Switzerland): https://www.edoeb.admin.ch
 - CNIL (France): https://www.cnil.fr - CNIL (France): https://www.cnil.fr
  
 **Report must include**: **Report must include**:
 +
 - Nature of the breach and categories of data affected - Nature of the breach and categories of data affected
 - Approximate number of individuals affected - Approximate number of individuals affected
Line 145: Line 154:
  
 **Notification must include**: **Notification must include**:
 +
 - Clear description of the breach - Clear description of the breach
 - Contact point for questions - Contact point for questions
Line 159: Line 169:
 - Limit information to those with a need to know - Limit information to those with a need to know
 - Document all communications in the incident record - Document all communications in the incident record
 +
 ### External Communication ### External Communication
  
Line 227: Line 238:
  
 --- ---
 +
 ## Appendix B: Incident Record Template ## Appendix B: Incident Record Template
  
  • Last modified: 2026/01/07 11:23
  • by miguel