Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Scope

This page describes the process and workflow that Deiser follows when a security incident is reported or found.

Departments involved

Deiser has two departments involved in the resolution of an incident, this is the list ordered by response level:

  1. Support: is the first level of support. Different work shifts are established in order to have 24/7 response. Support employees will resolve the incidents, given they are able to, in the times specified in the SLA agreement.
  2. Development: the second level of support. If an incident cannot be resolved by the Support department, the incident will be assigned to the development department. This department has a deeper knowledge of the system and can change everything in the code even do hotfixes and quick releases.

 

Incidents definition and classification

 

The following table describes the classification of the levels of incidents ordered by priority and the description about them.

 

Severity of the IssueCVSS v3 ScoreCharacteristicsResponse time SLA

Critical

 >= 9

  • Exploitation of the vulnerability likely results in root-level compromise of servers or infrastructure devices.
  • Exploitation is usually straightforward, in the sense that the attacker does not need any special authentication credentials or knowledge about individual victims, and does not need to persuade a target user, for example via social engineering, into performing any special functions.

For critical vulnerabilities, is advised that you patch or upgrade as soon as possible, unless you have other mitigating measures in place. For example, a mitigating factor could be if your installation is not accessible from the Internet.

4 weeks

High

 

>=7

  • The vulnerability is difficult to exploit.
  • Exploitation could result in elevated privileges.
  • Exploitation could result in a significant data loss or downtime.

6 weeks

Medium 

>=4

  • Vulnerabilities that require the attacker to manipulate individual victims via social engineering tactics.
  • Denial of service vulnerabilities that are difficult to set up.
  • Exploits that require an attacker to reside on the same local network as the victim.
  • Vulnerabilities where exploitation provides only very limited access.
  • Vulnerabilities that require user privileges for successful exploitation. 

8 weeks

Low

<4Vulnerabilities in the low range typically have very little impact on an organisation's business. Exploitation of such vulnerabilities usually requires local or physical system access.10 weeks

 

Response times will apply since the date and time when the ticket to Service Desk is opened.

Non-critical vulnerabilities

When a security issue of a High, Medium or Low severity is discovered, Deiser will include the fix in the next scheduled maintenance release.

You should upgrade your installation in order to fix the vulnerability.

 



  • No labels