How to Handle a Security Incident

What is a Security Incident?

The occurrence or development of any of the following situations could indicate an information security incident:

  • A possible breach of information security (unauthorized disclosure of data, loss of data, data corruption, improper use of the company network, etc.).
  • A failure in one of the systems that could result from an information security vulnerability.

How to react?

As soon as you suspect or observe a security incident involving your responsibility, or a data leak, within the company or at a customer’s premises, you are required to alert the IT Systems Security Department (DSIS) through the tools set up by your company (tracking tool, ticketing system such as GLPI, telephone, email, etc.).

In the event of a security incident at a client’s premises, the IT Systems Security Department will contact the project’s security manager / referent in order to define the communication method to be adopted with the client.

In general (unless there is a constraint), the report to the client must be made within 24 working hours.

Examples of Security Incidents

  • Compromise of sensitive classified company data or internal data, exposing it to third parties, competitors, or the public.
  • Unauthorized access to the information system.
  • Unwanted disruption or deliberate denial-of-service (DoS) attacks.
  • Detection of viruses, worms and Trojan horses.
  • Theft of information, data, or assets.
  • Errors resulting from negligent operations, erroneous business data, or incorrect processing.
  • Privacy breaches.
  • Failure to comply with legal and regulatory requirements.
  • Attempts to gain unauthorized access to a system or its data.
  • Concealment or impersonation of authorized users.
  • Unauthorized use of a system for data processing by authorized or unauthorized users.
  • Unauthorized use of a system for data storage by authorized or unauthorized users.
  • Changes to system hardware, firmware, or software specifications and data without notifying application owners. In the case of outsourced services, cloud environments or similar commitments, the changes will be caused by the applicable contractual terms.
  • Unauthorized changes, without approval, with malicious intent to gain access.
  • The existence of unknown user accounts with no responsibility or authorization.
