Incident Management and Response Policy

Questions and Answers

Who is responsible for ensuring that reported security incidents are added to the appropriate incident management system?

• Incident responders
• Information security officer (ISO) (correct)
• CEO
• On-Call-Engineer (OCE)

What is the first step recommended for reporting a security incident?

• Inform the On-Call-Engineer (OCE)
• Report the incident to your manager (correct)
• Do nothing and wait for the incident to pass
• Approach the CEO directly

Which role is responsible for addressing the incident at any given point in time?

• On-Call-Engineer (OCE) (correct)
• Incident responders
• Information security officer (ISO)
• CEO

What does a quick resolution of a security incident require?

Focus and clearly defined responsibilities (C)

Which individual should you approach to report a security incident if your manager is unavailable?

CEO (B)

What requires human intervention to avert disruptions or restore the operational status?

$\text{Irregular and anomalous conditions}$ (C)

What defines Low severity incidents?

Incidents that do not require immediate remediation (A)

Which scenario is considered a Medium severity incident?

Suspicious emails or unusual activity on a staff laptop (A)

What should be done in the case of Internal Malicious Activity involving a 360tf staff member?

Contact the Information Security Officer (ISO) or CEO directly (C)

When should immediate actions be taken according to the text?

For Critical severity incidents where security attack was successful (B)

Who will determine if legal counsel should be involved in critical incidents?

The Information Security Officer (ISO) (B)

What responsibility lies with the person or team handling critical incidents?

Remediate the vulnerability and limit damage (A)