Incident Response : How To Classify Incidents Based On Its Severity ?

Author - Sanjay D. Tiwari, CISO, Suryoday Small Finance Bank

Prioritizing the handling of the incident is perhaps the most critical decision point in the incident handling process.
Incidents should not be handled on a first come, first served basis because of resource limitations. Instead, handling should be prioritized based on severity. Prioritizing incident defines how quickly the addressed incident need to be resolved.

Prioritization based on how quickly an incident to be resolved is directly proportional to the impact of the incident.

Here is a sample of classification of Incidents based on severity.

Also, find below the detailed Incident Management Plan shared by our member.

Type High Medium Low
Technological Malfunctioning of System Group of customers. Employees affected Small group of customers or a branch affected Few people not able to carry out task completely (Group of 2-5 Users), if not contained may escalate.
Unauthorized disclosure of business Information Unauthorized disclosure of confidential and restricted documents/information that has severely impacted the business Unauthorized disclosure of confidential and restricted documents/information that has minor impact on the business Unauthorized disclosure of official documents but no impact on business.
Unauthorized Modification of business Information or Information processing facilities Corporate Website Defacement, unauthorized modification of confidential and restricted documents/information that has severely impacted the business, Unauthorized modification of servers and core network devices. Unauthorized modification of confidential and restricted documents/information that has minor impact on the business, Unauthorized modification of workstation computers Unauthorized modification of official documents but no impact on business
Unavailability of Information or Information processing facilities Unavailability of high critical services Unavailability of medium critical services Unavailability of low critical services
Detection of unauthorized computing or network equipment Someone tries to steal the data using unauthorized Wi-Fi access point which is using official look alike SSID Unauthorized Wi-Fi access point is detected using official look alike SSID Unauthorized computing or network devices is found in restricted areas/Workflow
Physical Access Violation When unauthorized person enters the work area and manage to steal business information or information processing equipment. When unauthorized person enters sensitive / restricted area. When unauthorized person enters the work area Piggybacking or tailgating by staff.
Physical Damage Damages which has caused severe injuries to staff or/and major destruction of assets. Damages which has caused minor injuries to staff or/and major destruction of assets. Damages that do not resulted in any injuries to staff but only minor physical damages of assets.
Non-Availability of services All or Majority of user’s customers are affected due to non-availability of service Only a section / category of users is affected due to non-availability of service Only few or none of users are affected but service is partially affected.

Download The Complete Plan :

Need to download the detailed Incident Management Plan ? You can download it here

Views: 1187

Comment

You need to be a member of CISO Platform to add comments!

Join CISO Platform

Follow Us

Contact Us

Email: contact@cisoplatform.com

Mobile: +91 99002 62585

InfoSec Media Private Limited,First Floor,# 48,Dr DV Gundappa Road, Basavanagudi,Bangalore,Karnataka - 560004

© 2019   Created by CISO Platform   |   Powered by

Badges  |  Report an Issue  |  Privacy Policy  |  Terms of Service

Related Posts