Policy Incident Management

Created by Venkat Pothamsetty, Modified on Mon, 30 Jun at 12:53 PM by Venkat Pothamsetty

Incident Management Policy - Korr

Purpose

This policy establishes requirements and guidelines for identifying, responding to, and resolving security incidents affecting Korr's AWS infrastructure. It aims to ensure consistent and effective incident handling while minimizing impact.

Scope

This policy applies to all security incidents involving Korr's AWS resources, systems, and data.

Policy Owner

The DevOps/Security team owns this policy and is responsible for its maintenance and enforcement.

Incident Severity Levels and Response Times

Severity	Description	Initial Response	Resolution Target
Critical	Service outage, data breach, or critical system compromise	30 minutes	4 hours
High	Significant security event with potential for harm	2 hours	8 hours
Medium	Limited security event with contained impact	4 hours	24 hours
Low	Minor security event with minimal impact	8 hours	48 hours

Incident Response Process

Detection & Reporting
- Monitor AWS GuardDuty and Inspector alerts
- Review AWS CloudWatch logs
- Accept incident reports from users/systems
- Document initial incident details
Assessment
- Determine incident severity and scope
- Identify affected systems and data
- Evaluate potential impact
- Assign response team
Containment
- Isolate affected systems
- Block malicious activity
- Preserve evidence
- Implement temporary fixes
Resolution
- Remove threat source
- Restore affected systems
- Verify security controls
- Document resolution steps
Post-Incident
- Conduct root cause analysis
- Update security controls
- Document lessons learned
- Review policy effectiveness

Documentation Requirements

Incident timeline and details
Actions taken and results
Root cause findings
Remediation steps
Preventive measures

This policy will be reviewed annually and updated based on incident learnings and industry best practices.