If a breach is discovered or suspected, take immediate action as follows:
1- Remove the affected computer from the network by disconnecting its cable.
2 – Do not turn the machine off, log on to it or modify it in any way.
3 – Notify the Incident Response Team Chairman.
4 – Identify the path of the breach and block it, if possible.
5 – Preserve all logs and data.
6 – Log all actions taken in Breach Log.
Incident Response Team actions:
1 – Determine the extent of the breach.
2 – Notify executive management.
3 – Make required notifications according to local, state and federal laws and marketplace contracts and policies.
Incident Management Policy
The Information Security Coordinator maintains a security incident reporting and response process that ensures management notifications are made based on the seriousness of the incident. The Information Security Coordinator investigates all reported or detected incidents and documents the outcome, including any mitigation activities or other remediation steps taken.
Incident Reporting. Immediately notify The Information Security Coordinator if you discover a security incident or suspect a breach in F&E Trading’s information security controls. F&E Trading maintains various forms of monitoring and surveillance to detect security incidents, but you may be the first to become aware of a problem. Early detection and response can mitigate damages and minimize further risk to F&E Trading.
Treat any information regarding security incidents as Highly Confidential Information and do not share it, either internally or externally, without specific authorization.
Security Incident Examples. Security incidents vary widely and include physical and technical issues. Some examples of security incidents that you should report include, but are not limited to:
(i) loss or suspected compromise of user credentials or physical access devices (including passwords, tokens, keys, badges, smart cards, or other means of identification and authentication);
(ii) suspected malware infections, including viruses, Trojans, spyware, worms, or any anomalous reports or messages from anti-virus software or personal firewalls;
(iii) loss or theft of any device that contains F&E Trading information (other than Public Information), including computers, laptops, tablet computers, smartphones, USB drives, disks, or other storage media;
(iv) suspected entry (hacking) into F&E Trading’s network or systems by unauthorized persons;
(v) any breach or suspected breach of Confidential or Highly Confidential Information;
(vi) any attempt by any person to obtain passwords or other Confidential or Highly Confidential Information in person or by phone, email, or other means (sometimes called social engineering, or in the case of email, phishing); and
(vii) any other any situation that appears to violate this Policy or otherwise create undue risks to F&E Trading’s information assets.