# Incident Response Policy
This document defines how we detect, respond to, and report security incidents.
## Response Workflow
1. Detection via monitoring, alert, or client report
2. Triage severity and affected systems
3. Contain and isolate the threat (e.g., suspend access)
4. Notify stakeholders if client-impacting
5. Perform root cause analysis
6. Patch, re-secure, and document the event
## Timelines
- Initial triage: within 2 hours
- Client notification (if impacted): within 24 hours
- Final report (internal): within 72 hours
## Tools Used
- Fail2Ban
- Genesis Shield alerting
- Zabbix/Prometheus incident flags
- Manual log reviews (forensic-level)