Scope
This page describes the process and workflow that Deiser follows when a security incident is reported or found.
Departments involved
Deiser has two departments involved in the resolution of an incident, this is the list ordered by response level:
...
Severity of the Issue | CVSS v3 Score | Characteristics | Response time SLA |
---|---|---|---|
Critical | >= 9 |
For critical vulnerabilities, is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, a mitigating factor could be if your installation is not accessible from the Internet. | 4 weekshours |
High
| >=7 |
| 6 weeks8 hours |
Medium | >=4 |
| 8 weeks24 hours |
Low | <4 | Vulnerabilities in the low range typically have very little impact on an organisation's business. Exploitation of such vulnerabilities usually requires local or physical system access. | 10 weeks72 hours |
Response times will apply since the date and time when the ticket to Service Desk is opened.
...