ISPOL-90-01-Parveen

Introduction to Information Security Policy 90, Incident Management & Response ISPOL 90 outlines the high-level responsibilities, practices, and reporting requirements for information security incidents. These requirements control and minimize the impact of an information security incident by establishing a process to report and address the incident. Incident response procedures include reasonable and appropriate methods to control and remediate information security incidents affecting critical information technology resources that are controlled by Intel. Intel established requirements are set forth for end users and systems on incident response training, testing, handling, monitoring, reporting, and response assistance. Policy 90 defines an information security incident as a violation of information security policies, acceptable use policies, or security practices. It could even be an imminent threat of violating one of these. Such violations can lead to adverse events, including: compromised integrity or data, denial of service, loss of accountability, or damage to any part of a system. Examples of systems range from laptops and mobile devices to factory automation, robots, and IoT devices. Even networking equipment, backup devices and cloud services count as systems. Each system has a lifecycle. Throughout it, appropriate incident response capabilities, procedures, and mechanisms must be defined, updated, and maintained. Workers are required to immediately report any suspected incidents, violations, or suspicious behavior to IT Information Security. Examples of reported events are disclosure of classified information or loss of computing systems. Policy 90 also outlines the Information Security Incident Investigation Policy, explaining that only IT Information Security authorized individuals are allowed to investigate incidents. Additional IT Information Security responsibilities in response to a security incident include: Escalation to other parties, reporting to outside authorities, and overseeing corrective activity. Further, IT Information Security response teams will conduct a review following major security incidents. The review will focus on identifying root cause, process improvements, and developing enhanced or additional controls to limit the frequency, damage, and cost of future occurrences. The IT Emergency Response Process, or ITERP, is the process Intel uses to respond to an information technology emergency incident or crisis. The IT Information Security incident management process coincides with the ITERP and Crisis Management processes to help determine whether an information security incident or violation is isolated or if it also qualifies as a crisis or ITERP event. Information Security Policy 90, Incident Management & Response, assures that during information security incidents and times of crisis, the negative impact of them is minimized through appropriate controls and processes. This and other updated Information Security Policies, supporting documents, and our improved policy portal should make it easier for you to locate and understand our corporate information security requirements. They can be found on our corporate policy repository, Policy Central. Visit goto/InfoSecPolicies to learn more or ask questions. Thank you for your help to keep Intel secure!