1. Preparation
- Maintain an inventory of all critical assets and ensure appropriate security measures are in place for protection.
- Conduct regular training for all employees on identifying security threats and the correct reporting procedures.
- Establish a communication plan for internal and external stakeholders.
2. Identification
- Implement monitoring tools to detect potential security incidents.
- Establish clear criteria for what constitutes a security incident.
- Ensure all employees know how to report a suspected incident.
3. Containment
- Short-term: Isolate affected systems to prevent the spread of the incident.
- Long-term: Determine which systems can be brought back online safely while maintaining business operations.
4. Eradication
- Remove the root cause of the incident and any related malware or vulnerabilities.
- Update or patch systems to prevent similar incidents.
5. Recovery
- Restore systems and data from backups if necessary.
- Monitor affected systems for any signs of compromise or recurrence.
- Return operations to normal and confirm that all systems are functioning as expected.
6. Lessons Learned
- Conduct a post-incident review to identify the cause, the effectiveness of the response, and areas for improvement.
- Update the IRP, security controls, and training materials based on the findings.
- Communicate with stakeholders about the incident and steps taken to prevent future occurrences.
7. Documentation
- Keep detailed records of the incident’s timeline, impact assessment, response actions, and post-incident analysis.
- Maintain logs as per legal and regulatory requirements.
8. Communication
- Notify internal stakeholders, affected customers, and regulatory bodies if necessary.
- Designate a spokesperson for external communications to manage public relations.
9. Response Time
- Detection and Identification: Ideally should be immediate, with monitoring tools sending alerts as soon as anomalies are detected.
- Initial Response: This includes recognising the alert, assessing it for validity, and escalating it to the appropriate personnel. This should occur within minutes of the alert.
- Containment: Once an incident is confirmed, containment should begin promptly to prevent further damage. The initial containment should be quick, aiming for minutes to a few hours, depending on the complexity of the incident.
- Eradication and Recovery: These phases can take longer, from several hours to days, especially if external help is needed. The key is to ensure that the threat is completely removed before systems are brought back to normal operation.
- Post-Incident Analysis: After recovery, a post-mortem analysis should be conducted to understand the incident and improve future responses. This can take place days or even weeks after the incident, depending on its severity.
Roles and Responsibilities:
- Incident Response Team Lead: Oversees the response, ensures the plan is executed effectively.
- Legal Advisor: Handles legal implications and compliance matters.
Contact Information:
- Internal Contacts: Adrian Bortignon (0414 280 097)
- External Contacts: Legal Counsel JRT Partnership
Review and Testing:
- Review the IRP annually and after every significant incident.
- Conduct tabletop exercises or simulations bi-annually to test the effectiveness of the plan.