Reporting Security Incidents

Take note

Safeguarding the confidentiality, integrity, and availability of digital assets is of utmost importance in IMS. This guide is created to empower you, the IMS user, to handle Information Security Incidents effectively. If you face security issues, e.g.,  auto-login failures, report them to Cenosco's Security Committee. This will ensure prompt attention and appropriate action are implemented to mitigate potential harm and prevent further damage. This document outlines Cenosco's process for reporting and managing security incidents, providing guidance on common types of threats and offering real-world examples.

What are Information Security Incidents?

An Information Security Incident is defined as an event that can affect the confidentiality, integrity, or availability of information. Such events demand prompt attention and appropriate action to mitigate potential harm and prevent further damage.

Types of Security Incidents

Common Types of Security Incidents include:

• Unauthorized access to systems or data,

• Privilege escalation,

• Phishing attacks,

• Malicious software/malware attacks,

• Denial-of-service (Dos) Attacks,

• Man-in-the-middle (MitM) attacks,

• Password attacks,

• Web application attacks.

Here are some examples of Security Incidents:

• Unauthorized attempts to access systems or data,

• Activation code security breach,

• Vulnerability exploitation,

• Malware infection.

Reporting an Incident

If you encounter a security incident, immediately report it to the Security Committee via email at security.committee@cenosco.com.

Upon receiving the notification, the team will initiate a thorough investigation, assessing the extent of the issue and collaborating with relevant departments to address the problem. The objective is to contain and eliminate the threat and recover to a secure state. Insights gained from the incident will be used to improve future prevention, detection, and response efforts.