Scope
This page describes the process and workflow that DEISER Deiser follows when a security incident is reported or found.
Departments involved
DEISER has two departments involved in the resolution of an incident, this is the list ordered by response level:
...
The following table describes the classification of the levels of incidents ordered by priority and the description about them.
Severity of the Issue | CVSS v3 Score | Characteristics | Response time SLA |
---|---|---|---|
Critical | >= 9 |
For critical vulnerabilities, is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, a mitigating factor could be if your installation is not accessible from the Internet. | 4 hours |
High | >=7 |
| 8 hours |
Medium | >=4 |
| 24 hours |
Low | <4 | Vulnerabilities in the low range typically have very little impact on an organisation's business. Exploitation of such vulnerabilities usually requires local or physical system access. | 72 hours |
Critical and high vulnerabilities:
...