DIREKT Security Incident Response

Severity

  • SEV-1: active large-scale or high-impact compromise/safety risk;
  • SEV-2: serious contained exposure or trust-integrity failure;
  • SEV-3: limited vulnerability/incident;
  • SEV-4: low-risk event/near miss.

Process

Detect → declare → contain → preserve evidence → eradicate → recover → communicate/notify → post-incident review.

Roles

Incident commander, technical lead, security/privacy/legal liaison, operations/support and communications. One person may fill multiple roles early, but authority is explicit.

Immediate actions

  • rotate/revoke compromised secrets/sessions;
  • block unauthorized evidence access;
  • freeze affected trust/payment operation;
  • preserve logs;
  • avoid destroying forensic data;
  • use approved private communication.

Communication

No speculation. State known impact, actions and user steps. Legal review decides regulatory/data-subject notification.

Post-incident

Root cause, timeline, control gaps, customer/provider remedy, owners/dates, test addition and risk-register update.