— Monitor incidents and problems caused by deployment (provide early life support to operational teams in case the release has caused an increase in volumes of work);
— Update support documentation (i.e. technical information documents);
— Formally hand over the release deployment to service operations;
— Document lessons learnt;
— Collect the release summary document from implementation teams;
— Formally close the release after verifying the Change Request record.
9. Security Incident Management
Security Incident Management is a process for handling security incidents in order to enable incident communication to potentially impacted stakeholders; incident evaluation and prioritisation; and incident response to settle any actual, suspected or potential breach of confidentiality, availability or integrity of sensitive information assets.
9.1. Information Security Incident Categorization
All incidents impacting the link between the Union Registry and the Swiss registry shall be analysed to determine a possible breach in the confidentiality, the integrity or the availability of any sensitive information recorded in the Sensitive Information List (SIL).
If so, the incident shall be characterized as an information security incident, immediately registered in the IT Service Management (ITSM) tool and managed as such.
9.2. Information Security Incident Handling
Security Incidents are placed under the responsibility of the 3rd escalation level and resolution of the incidents will be dealt with by a dedicated Incident Management Team (IMT).
The IMT is responsible for:
— Carrying out a first analysis, categorizing and rating the severity of the incident;
— Coordinating actions between all the stakeholders including the full documentation of the incident analysis, the decisions taken to tackle the incident and any possible identified weaknesses;
— Depending on the severity of the security incident, escalating the incident in a timely manner to the appropriate level for information and/or a decision.
In the Information Security Management process, all information regarding incidents is classified at the highest level of sensitivity of the information, but in any case not lower than ETS SENSITIVE.
For an on-going investigation and/or a weakness that could be exploited, and until its remediation, the information is classified as ETS CRITICAL.
9.3. Security Incident Identification
Based on the security event type, the information security officer determines appropriate organizations to be involved and to be part of the IMT.
9.4. Security Incident Analysis
The IMT liaises with all involved organizations and the relevant members of their teams, as appropriate, to review the incident. During the analysis, the extent of an asset's confidentiality, integrity or availability loss is identified and consequences for all affected organizations are assessed. Next, initial and follow-up actions to resolve the incident and manage its impact, including the resource impact of these actions, are defined.
9.5. Security Incident Severity Assessment, Escalation and Reporting
The IMT shall assess the severity of any new security incident after its characterization as a security incident and shall start immediate required action according to the severity of the incident.