Atlan's incident response plan for any potential network security incidents is as follows:
Incident response process
For any critical issues, the Incident Response Team will follow a structured process designed to investigate, contain, and remediate the threat as well as recover systems and services. The process includes:
- Event reported — initial notification of the incident.
- Triage and analysis — assessment of the incident's severity and potential impact.
- Investigation — detailed examination to understand the cause and scope.
- Containment and neutralization — actions to limit the impact and prevent further exploitation.
- Recovery and vulnerability remediation — restoration of systems and addressing vulnerabilities.
- Hardening and detection improvements — enhancing security measures and detection capabilities to prevent future incidents.
Key details about this process are as follows:
- Incident manager — oversees incident response efforts.
- War room — a central location, either physical or virtual (for example, Slack), dedicated to managing the incident.
- Recurring meetings — regular meetings to review the incident status until resolution.
- Notification — legal and executive staff will be informed as required.
Incident severity levels
Severity | Category | Description |
---|---|---|
P0 | Critical | An actively exploited risk involving the engagement of a malicious actor. Identifying such active exploitation is essential. This includes a major data breach, widespread system outage, or critical vulnerability being actively exploited. |
P1 | High | Active exploitation is not yet confirmed but is highly probable. The vulnerability presents a high risk, potentially causing severe performance degradation or unauthorized access to sensitive data. |
P2/P3 | Medium/Low | Suspicious or unusual behavior that has not yet been verified and requires further investigation. This includes moderate performance issues, non-critical vulnerabilities, and isolated incidents affecting a small group of users. |
Incident reporting
Atlan will report any breaches to customers, consumers, data subjects, and regulators without undue delay and in accordance with all contractual commitments and applicable legislation.
If any users become aware of an information security incident, potential incident, imminent incident, unauthorized access, policy violation, security weakness, or suspicious activity, please notify Atlan support immediately.