Add incident response procedure v1.2

Nina Seidel 2026-01-22 14:00:00 +00:00
parent 43db8c2395
commit 4b3192bc0f


@ -0,0 +1,28 @@
# Incident Response Procedure
**Version:** 1.2 | **Owner:** SOC | **Classification:** Internal
## Severity classification
| Level | Description | Initial Response Time | War room |
|-------|-------------|----------------------|---------|
| P1 | Active breach / data exfiltration | 15 minutes | Mandatory |
| P2 | Suspected compromise / malware | 1 hour | If needed |
| P3 | Security anomaly / suspicious activity | 4 hours | No |
| P4 | Policy violation / low risk | Next business day | No |
## P1 / P2 response steps
1. **Contain** — isolate affected systems immediately
2. **Preserve** — snapshot disks, preserve logs before remediation
3. **Notify** — CISO, legal, communications lead
4. **Investigate** — forensic analysis, determine scope
5. **Eradicate** — remove threat actor access
6. **Recover** — restore from clean backups
7. **Lessons learned** — post-incident review within 2 weeks
## Contacts
- SOC hotline: +49 69 123 456 (24/7)
- CISO: direct mobile (see 1Password "emergency contacts")
- Legal: legal@nexus.local
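Review bot: step 3 (Notify) requires reaching the communications lead, but the Contacts section only lists the SOC hotline, CISO and Legal; add the communications contact (or the 1Password entry that holds it) so the step is executable from the document alone. Step 1 should also say how to isolate: step 2 depends on disk snapshots and logs, and a power-off rather than network-level isolation would destroy volatile state before it is preserved, so "isolate affected systems immediately" should be qualified with "network isolation, do not shut down". The severity table gives response times but does not say who is authorised to assign a P-level or to escalate between levels, and the document does not define the standard for P3 / P4 handling, so a short sentence on classification authority would close that gap. Minor: the markdown has no blank line between the metadata line, the headings and the table / lists that follow them, which some renderers need for the table and lists to display correctly.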