Incident Response PlanUpdated a year ago
1. Introduction
Purpose
The purpose of this incident response plan is to outline the procedures and guidelines for effectively responding to security and operational incidents within the SmokeSource application.
By and large Smoke Source’s incident response plan is run through our development and hosting agency, Crowdbotics. For more information on our response plan as well as our preventative measures, please visit Crowdbotic’s security page.
Scope
This plan applies to all personnel involved in the development, deployment, and operation of SmokeSource.
Objectives
The main objectives of this plan are:
- Minimize the impact of incidents on the software application and its users.
- Identify and report incidents promptly.
- Contain, eradicate, and recover from incidents efficiently.
- Learn from incidents and improve our incident response capabilities.
2. Incident Categories
Categorize potential incidents based on their nature and severity. Common categories include but are not limited to:
- Security breaches
- Data breaches
- Unauthorized access
- Data loss
- Downtime and service disruptions
- Malware or virus infections
- Insider threats
3. Incident Response Team
Roles and Responsibilities
- Incident Response Coordinator - Fantasium LLC
- IT and Security Team - Crowdbotics
- Legal and Compliance Team - Cutler Law Firm
- Communication and PR Team - Fantasium LLC, CaliConnected
- Management Team - Fantasium LLC
Contact Information
- Fantasium LLC - [email protected], 1+ 605-321-7249
- Crowdbotics Security Team - [email protected]
4. Preparation & Prevention Phase
- Maintain an inventory of all assets related to the application.
- Conduct regular risk assessments.
- Document security policies and procedures.
- Implement training and awareness programs.
- The company requires employees to complete security awareness training within thirty days of hire and at least annually thereafter.
- Deploy detection mechanisms.
- The company's penetration testing is performed at least annually. A remediation plan is developed and changes are implemented to remediate vulnerabilities in accordance with SLAs.
- Ensure availability of incident response tools.
5. Incident Detection and Reporting
Crowdbotics manages incident detection and reporting. For details on how they do this please visit their security page.
6. Assessment Phase
- Categorize incidents.
- Perform initial triage.
- Assess the impact.
- Notify relevant parties.
- Escalate as necessary.
7. Response - Containment and Eradication
- Isolate affected systems.
- Remediate vulnerabilities or weaknesses.
- Preserve evidence for investigation.
8. Recovery Phase
- Restore affected systems and services.
- Recover lost data.
- Perform a post-incident review.
9. Communication and Coordination
- Communicate internally and externally.
- Coordinate with relevant parties, including law enforcement if necessary.
10. Post-Incident Activities
- Document the incident and response actions.
- Conduct a lessons learned session.
- Update policies and procedures based on findings.
11. Testing and Training
- Regularly conduct tabletop exercises.
- Provide training to all involved personnel.
12. References and Appendices
Include any supporting documents, contact lists, and incident report templates.
Remember that this plan is a living document and should be regularly reviewed and updated to adapt to changing threats and technology. Training and awareness are key to successful incident response, and testing through exercises ensures the plan's effectiveness.