Not a Tech Pro Research member? Sign up for a Free Trial and get access to this content and more for one week.
Incident response policy
- Originally Published:
- Dec 2017
Every enterprise needs to establish a plan of action to assess and then recover from unauthorized access to its network. This policy provides a foundation from which to start building your specific procedures.
From the policy:
Whether initiated with criminal intent or not, unauthorized access to an enterprise network is an all too common occurrence. Although network intrusion and protection hardware and software systems can prevent or mitigate many of these incidents, even the best security will suffer a breach at some point. When an intrusion is detected, the incident response team must act quickly to protect the integrity of the enterprise’s data according to the procedures outlined in this policy.
The Incident Response Policy applies to all employees, executives, contractors, and vendors with access to any part of the information technology network of this enterprise, regardless of role. Any intrusion, no matter how it’s discovered, must be reported under the procedures outlined by this policy.
The Incident Response Policy will go into effect immediately after security for any enterprise IT system or communication network is determined to be compromised. An incident requiring action is defined as an adverse event that has caused, or has the potential to cause, damage to the assets, reputation, or personnel of the enterprise.
An incident includes, but is not restricted to, the following:
- The loss or theft of data or information
- The transfer of data or information to those who are not entitled to receive that information
- Attempts (either failed or successful) to gain unauthorized access to data or information storage or a computer system
- Changes to information or data or system hardware, firmware, or software characteristics without the knowledge, instruction, or consent of the enterprise
- Unwanted disruption or denial of service to a system
- The unauthorized use of a system for the processing or storage of data by any person
Already a member? Log in here