Low Severity Incident Response

Document Information
Version {{version}}
Effective Date {{effective_date}}
Document Owner {{document_owner}}
Next Review {{next_review_date}}
Approved By {{approved_by}}

Purpose

The purpose of this Incident Response Plan is to define the process for responding to information and cyber security incidents of {{company_name}}, hereafter referred to as "the company". This is crucial to managing information and cyber security risks, minimizing the impact of incidents, and recovering from incidents in a timely and orderly manner.

Scope

This plan applies to all cybersecurity incidents that could affect the confidentiality, integrity, or availability of the company's data or systems. It applies to all employees, contractors, and third parties involved in the company's operations.

Incident Identification

The company has mechanisms in place to identify potential cybersecurity incidents. This includes but is not limited to:

  • System and Network Monitoring: The first step in our incident identification process involves continuous monitoring of all systems and networks. We utilize tools to detect unusual or suspicious activity. The {{it_provider}} is responsible for reviewing and analysing the logs and alerts generated by these tools {{log_review_frequency}} and reporting any incident.

  • User Activity Monitoring: In addition to system and network monitoring, we also monitor user activity. This helps us detect actions that could indicate a threat. We keep an eye out for excessive login attempts, unusual data access or transfer, and changes to system configurations. The {{it_provider}} oversees this process.

  • Threat Intelligence: We subscribe to threat intelligence services to stay informed about new threats and vulnerabilities. This information is used to update our threat landscape and to improve our incident identification capabilities. The {{it_provider}} is responsible for reviewing these updates and implementing necessary changes to our monitoring systems.

Incident Assessment

Once a potential incident has been identified, the first step is to conduct an initial assessment. This involves gathering all available information about the incident, such as the systems or data affected, the nature of the incident, and the time and date of the incident. The {{it_provider}}, specifically the incident response team, is responsible for conducting this initial assessment.

Classification Criteria

The incident is then classified based on its nature and severity. We use the following criteria for classification:

  • Nature of the Incident: This refers to the type of incident, such as a malware infection, data breach, privacy breach or denial of service attack.

  • Severity of the Incident: This refers to the impact of the incident on our operations, data, systems, or reputation. Factors to consider include the number of systems or data records affected, the sensitivity of the affected data, the disruption to our operations, and the potential reputational damage.

Incident Categories

Based on the nature and severity, the incident is categorized into one of the following categories:

  • Low: Incidents that have a minor impact on a small number of non-critical systems or data, and where no breach of customer data privacy that could cause customer economic loss has occurred.

  • Medium: Incidents that have a moderate impact on a moderate number of systems or data, or a minor impact on critical systems or data, and where any breach of customer data privacy has a low potential to cause customer economic loss.

  • High: Incidents that have a major impact on many systems or data, or a moderate to major impact on critical systems or data, and where customer data privacy has been breached in a way that could cause customer economic loss.

Incident Response Determination Procedure

Low Severity Incident Response

For incidents classified as low severity, {{it_provider}} will handle the response. This typically involves:

  • Isolating the affected systems to prevent the spread of the incident.

  • Identifying and eliminating the cause of the incident.

  • Restoring the affected systems to normal operation.

  • Documenting the incident and the response actions taken.

  • Reporting the incident to the {{managing_authority}}.

Medium Severity Incident Response

For incidents classified as medium severity, the incident response team will be involved. The response to a medium severity incident typically includes the steps for a low severity incident, plus:

  • Notifying management and the compliance officer of the incident.

  • If a privacy breach is suspected, involving an external legal advisor to determine the appropriate steps and whether the breach must be reported to the Office of the Australian Information Commissioner (OAIC) or other regulators.

  • Conducting a more detailed investigation to understand the cause and impact of the incident and determine if the incident is a reportable breach.

  • Implementing additional measures to prevent similar incidents in the future.

  • Communicating with affected users or customers, if necessary.

High Severity Incident Response

For incidents classified as high severity, the incident response team will lead the response, with the involvement of management and external legal advisors and specialists. The response to a high severity incident typically includes the steps for a medium severity incident, plus:

  • Activating the company's crisis management or business continuity plan, if necessary.

  • Notifying relevant external parties, such as law enforcement, OAIC and other regulators, and insurance providers.

  • Conducting a comprehensive post-incident review to learn from the incident and improve the company's cybersecurity measures.

Documentation and Regular Review and Improvement

Regardless of the severity, all incidents and the response actions taken should be thoroughly documented. This documentation should be reviewed {{incident_review_frequency}} to identify trends, assess the effectiveness of the response, and make improvements to the incident response process.

Our incident identification process will be reviewed {{default_policy_review}} to ensure its effectiveness. This includes analysing incident reports, assessing the performance of our monitoring tools, and gathering feedback from staff. Based on these reviews, we make the necessary adjustments to the process and procedures.

Roles and Responsibilities

The company's management and incident response team are responsible for implementing and maintaining this plan, and for managing the company's incident response efforts. All users are responsible for cooperating with this plan and for fulfilling their roles and responsibilities in the incident response process.

The company will assign roles and responsibilities for incident response. This includes an incident response team that is trained and ready to respond to incidents.

Incident Response Team:

  Name                      Phone Number
  ----                      ------------

Contact list for Medium to High severity Incidents:

  Role                      Name                          Phone Number
  ----                      ----                          ------------
  CEO                       Steven Vassiloudis
  Compliance (CFO)          {{privacy_officer_name}}
  Legal Privacy


Review

This plan will be reviewed {{default_policy_review}} or as needed based on changes to our business, technology, or regulatory environment.

Essential Eight Alignment

This policy supports incident response for all Essential Eight controls, particularly:

  • Regular Backups - For recovery procedures
  • Application Control - For malware incidents
  • Patch Management - For vulnerability exploitation incidents

Target Maturity: {{e8_target_maturity}}

Implementation Check

  1. Who owns this? {{policy_owner}}
  2. Are we doing it? {{implementation_status}}
  3. When will we check again? {{next_review_date}}

Board Oversight

Key Questions for Directors:

  1. Are we meeting our policy commitments?
  2. What are our top risks in this area?
  3. Do we have adequate resources allocated?

Reporting: {{board_reporting_cycle}} review at board meetings