...
Every employee and user of any Tekai information resources has responsibilities toward the protection of the information assets. The table below establishes the specific responsibilities of the incident responder roles.
Response Team Members
Role | Responsibility |
Incident Manager | The Incident Manager is the primary and ultimate decision maker during the response period. The Incident Manager is ultimately responsible for resolving the incident and formally closing incident response actions. See Appendix A for Incident Manager contact information. These responsibilities include: ensuring the right people from all functions are actively involved as appropriate; communicating status updates to the appropriate person or teams at regular intervals; resolving incidents in the immediate term; determining necessary follow-up actions; assigning follow-up activities to the appropriate people; promptly reporting incident details which may trigger breach reporting, in writing to the COO. |
Incident Response Team | The individuals who have been engaged and are actively working on the incident. All members of the IRT will remain engaged in incident response until the incident is formally resolved, or they are formally dismissed by the Incident Manager. |
Engineers | Qualified engineers will be placed into the on-call rotation and may act as the Incident Manager (if primary resources are not available) or a member of the IRT when engaged to respond to an incident. Engineers are responsible for understanding the technologies and components of the information systems, the security controls in place including logging, monitoring, and alerting tools, appropriate communications channels, incident response protocols, escalation procedures, and documentation requirements. When Engineers are engaged in incident response, they become members of the IRT. |
Users | Employees and contractors of Tekai. Users are responsible for following policies, reporting problems, suspected problems, weaknesses, suspicious activity, and security incidents and events. |
Customers | Customers are responsible for reporting problems with their use of Tekai services. Customers are responsible for verifying that reported problems are resolved. |
Legal Counsel | Responsible, in conjunction with the CEO and executive management, for determining if an incident presents legal or regulatory exposure as well as whether an incident shall be considered a reportable breach. Counsel shall review and approve in writing all external breach notices before they are sent to any external party. |
Executive Management | Responsible, in conjunction with the CEO and Legal Counsel, for determining if an incident shall be considered a reportable breach. An appropriate company officer shall review and approve in writing all external breach notices before they are sent to any external party. Tekai shall seek stakeholder consensus when determining whether a breach has occurred. The Tekai CEO shall make a final breach determination in the event that consensus cannot be reached. |
Management Commitment
Tekai management has approved this policy and commits to providing the resources, tools and training needed to reasonably respond to identified security events and incidents with the potential to adversely affect the company or its customers.
...
Any known violations of this policy should be reported to the COO. Violations of this policy may result in immediate withdrawal or suspension of system and network privileges and/or disciplinary action in accordance with company procedures up to and including termination of employment.
Version | Date | Description | Author | Approved by |
1.0 | 01.03.2025 | First Version | Lucas |
Appendix A - Contact Information
Contacts for IT and Engineering Management as well as executive staff can be found
Elia Elenius, COO: info@tekai.vn, +358 40 680 2552
Ossi Rajuvaara, Principal Engineer: info@tekai.vn, +358 40 519 6276
Hieu Nguyen, IT Manager: hieu@Tekai.com
Appendix B - Incident Collection Form
General Information | |||
Incident Detector's Information | |||
Name: | Date and Time Detected: |
Title: | |||
Phone: | Location Incident Detected From: |
E-mail: | |||
Additional Information: | |||
|
Incident Summary | ||||
Type of Incident Detected: | ||||
Denial of Service | Unauthorized Use | Espionage | Probe | Hoax |
Malicious Code | Unauthorized Access | Other: | ||
Incident Location: | ||||
Site: | ||||
Site Point of Contact: | ||||
Phone: | ||||
Email: | ||||
How was the Incident Detected: | ||||
Additional Information: |
Location(s) of affected systems: | ||
Date and time incident handlers arrived at site: | ||
Describe affected information system(s) (one form per system is recommended): | ||
Hardware Manufacturer: | ||
Serial Number: | ||
Corporate Property Number (if applicable): | ||
Is the affected system connected to a network? | Yes | No |
Describe the physical security of the location of affected information systems (locks, security alarms, building access, etc.): | ||
Isolate affected systems: | ||
Approval to remove from network? | Yes | No |
If YES, Name of Approver: | ||
Date and Time Removed: | ||
If NO, state the reason: | ||
Backup of Affected System(s): | ||
Last System backup successful? | Yes | No |
Name of persons who did backup: | ||
Date and time last backups started: | ||
Date and time last backups completed: | ||
Backup Storage Location: | ||
Incident Eradication: | ||
Name of persons performing forensics: | ||
Was the vulnerability (root cause) identified: | Yes | No |
Describe: | ||
How was eradication validated: |