1. Introduction

This policy sets out how Techwise Support detects, handles and recovers from cybersecurity incidents. Its aims are to minimise the impact of an incident, restore normal service swiftly, and improve how future incidents are handled.

 

2. Objectives

  • Swift Detection and Response: Quickly identify and respond to incidents.
  • Effective Containment: Limit the impact and prevent further damage.
  • Thorough Eradication: Remove threats and restore operations.
  • Continuous Improvement: Learn from incidents to improve future responses.

 

3. Incident Response Team

  • Incident Manager: Oversees the response process.
  • Technical Lead: Manages containment and eradication.
  • Communication Lead: Handles communications.
  • Legal/Compliance Officer: Advises on legal and regulatory obligations, including whether and when regulators or affected parties must be notified.

 

4. Incident Response Process

  • Preparation:
    • Policy and Plan: Maintain a documented Incident Response Plan (IRP) that aligns with business continuity and disaster recovery strategies.
    • Team Roles: Clearly define and train roles for the incident response team.
    • Tools and Resources: Ensure the team has access to necessary tools, permissions, and communication channels.
  • Identification:
    • Monitoring: Collect logs centrally and apply detection rules in a SIEM (Security Information and Event Management) system to surface suspicious activity.
    • Automated Notifications: Route alerts automatically to the on-call responder so that triage starts promptly rather than waiting for someone to read a dashboard.
  • Containment:
    • Short-Term Containment: Isolate affected systems quickly to stop the spread, preferring network isolation over powering off, which destroys volatile evidence such as memory contents.
    • Evidence Preservation: Take forensic images, and record their cryptographic hashes, before making any changes, so that evidence remains intact and verifiable.
    • Long-Term Containment: Stabilise systems (for example with temporary fixes or credential resets) while planning for full restoration.
  • Eradication:
    • Threat Removal: Eliminate the root cause and any residual threats.
    • System Hardening: Analyse and improve system defences to prevent recurrence.
  • Recovery:
    • System Restoration: Restore systems from clean backups that are known to predate the compromise.
    • Monitoring: Monitor restored systems closely for any sign that the threat persists.
  • Post-Incident Review:
    • Lessons Learned: Conduct a thorough review to identify what worked and what needs improvement.
    • Documentation: Update the IRP based on insights gained.
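The Identification and Containment steps above describe two concrete techniques: a detection rule that turns log events into an alert and a notification, and a hash-verified forensic image taken before anything on the system is changed. The following is an added example of both, written for this page rather than taken from Techwise Support's own tooling; the sshd-style log lines, the failure threshold, the incident identifier and the evidence paths are all constructed for illustration.

```python
# Added example for the Identification and Containment steps; not part of the
# Techwise Support policy. Log lines, threshold, incident ID and paths are constructed.
import hashlib
import json
import re
import shutil
from collections import defaultdict
from datetime import datetime, timezone
from pathlib import Path

# Constructed sshd-style auth log (not real telemetry): five failures from one
# source followed by a success, plus one benign failure from another source.
SAMPLE_AUTH_LOG = """\
Mar  3 09:14:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51012 ssh2
Mar  3 09:14:03 web01 sshd[2202]: Failed password for root from 203.0.113.7 port 51018 ssh2
Mar  3 09:14:05 web01 sshd[2203]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 09:14:08 web01 sshd[2204]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  3 09:14:09 web01 sshd[2205]: Failed password for root from 203.0.113.7 port 51031 ssh2
Mar  3 09:14:12 web01 sshd[2206]: Accepted password for root from 203.0.113.7 port 51040 ssh2
Mar  3 09:20:44 web01 sshd[2310]: Failed password for alice from 198.51.100.9 port 40211 ssh2
Mar  3 09:20:50 web01 sshd[2311]: Accepted publickey for alice from 198.51.100.9 port 40212 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?:password|publickey) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)
FAILURE_THRESHOLD = 5  # assumed tuning value; a real SIEM rule would also window by time


def detect_bruteforce(log_text, threshold=FAILURE_THRESHOLD):
    """Identification: one alert per source IP that reaches the failure threshold.
    A success from that source after the failures is escalated to high severity,
    because it points to a compromised account rather than background noise."""
    failures = defaultdict(int)
    logged_in = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["src"]] += 1
        elif failures.get(m["src"], 0) >= threshold:
            logged_in[m["src"]].append(m["user"])
    return [
        {
            "rule": "ssh-bruteforce",
            "source": src,
            "failures": count,
            "severity": "high" if logged_in[src] else "medium",
            "accounts_logged_in": logged_in[src],
        }
        for src, count in failures.items()
        if count >= threshold
    ]


def notify(alert, inbox):
    """Automated notification hook: a real deployment would page the on-call
    responder; here the message is appended to an in-memory inbox."""
    inbox.append(f"[{alert['severity'].upper()}] {alert['rule']} from {alert['source']}")
    return inbox


def sha256_file(path, chunk=1 << 20):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def capture_evidence(source, evidence_dir, operator, incident_id):
    """Containment: copy the artefact byte-for-byte into the evidence directory,
    verify the copy against the hash of the original, and write a chain-of-custody
    record. Hashing before anything on the live system is changed is what makes
    later tampering (or accidental modification) provable."""
    source, evidence_dir = Path(source), Path(evidence_dir)
    evidence_dir.mkdir(parents=True, exist_ok=True)
    original_hash = sha256_file(source)
    image = evidence_dir / f"{incident_id}-{source.name}.img"
    with open(source, "rb") as src, open(image, "wb") as dst:
        shutil.copyfileobj(src, dst, 1 << 20)
    image_hash = sha256_file(image)
    if image_hash != original_hash:
        image.unlink()  # never keep an image that does not match the source
        raise RuntimeError("image hash mismatch; evidence discarded")
    record = {
        "incident_id": incident_id,
        "source": str(source),
        "image": str(image),
        "sha256": image_hash,
        "collected_by": operator,
        "collected_at": datetime.now(timezone.utc).isoformat(),
    }
    (evidence_dir / f"{incident_id}-custody.json").write_text(json.dumps(record, indent=2))
    return record


if __name__ == "__main__":
    import tempfile
    inbox = []
    for alert in detect_bruteforce(SAMPLE_AUTH_LOG):
        notify(alert, inbox)
    print("\n".join(inbox))
    with tempfile.TemporaryDirectory() as tmp:
        artefact = Path(tmp) / "auth.log"
        artefact.write_text(SAMPLE_AUTH_LOG)
        print(capture_evidence(artefact, Path(tmp) / "evidence", "analyst1", "IR-0001")["sha256"])
```

Run against the constructed log, the rule raises a single high-severity alert for 203.0.113.7 (five failures followed by a successful root login) and stays silent for the one failed attempt from 198.51.100.9. The evidence routine refuses to keep an image whose hash does not match the original, which is the check an analyst wants before any containment change is made to the system itself; in practice the same pattern is applied to a disk or memory image rather than a single log file.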

 

5. Communication Plan

  • Internal Communication: Coordinate over a secure, out-of-band channel that does not depend on the systems under investigation, since those may be compromised or unavailable.
  • External Communication: Prepare templates and protocols for communicating with clients, stakeholders, and legal authorities.

 

6. Ongoing Training and Testing

  • Regular Drills: Conduct drills and tabletop exercises to ensure the team is prepared.
  • Continuous Learning: Update training programs based on recent incidents and emerging threats.

 

7. Documentation and Compliance

  • Record Keeping: Maintain detailed records of all incidents and responses.
  • Compliance: Ensure all actions comply with legal and regulatory requirements.

 

8. Review and Updates

  • Annual Review: Review and update this policy annually or after significant incidents.

 

9. Contact Information

For any queries regarding this policy, contact:

Incident Response Team
Techwise Support
32 London Road, Guildford, GU1 2AB
support@thewebsitespace.com