DIREKT Security Incident Response¶
Severity¶
- SEV-1: active large-scale or high-impact compromise/safety risk;
- SEV-2: serious contained exposure or trust-integrity failure;
- SEV-3: limited vulnerability/incident;
- SEV-4: low-risk event/near miss.
Process¶
Detect → declare → contain → preserve evidence → eradicate → recover → communicate/notify → post-incident review.
Roles¶
Incident commander, technical lead, security/privacy/legal liaison, operations/support and communications. One person may fill multiple roles early, but authority is explicit.
Immediate actions¶
- rotate/revoke compromised secrets/sessions;
- block unauthorized evidence access;
- freeze affected trust/payment operation;
- preserve logs;
- avoid destroying forensic data;
- use approved private communication.
Communication¶
No speculation. State known impact, actions and user steps. Legal review decides regulatory/data-subject notification.
Post-incident¶
Root cause, timeline, control gaps, customer/provider remedy, owners/dates, test addition and risk-register update.