How to report (suspected) security incidents

How to report (suspected) security incidents

Introduction

Suspected incidents have to be reported as soon as it is noticed both by users as well as anDREa employees. These include both suspected/potential security risks, ongoing threats/attacks and data breaches. For this purpose, we have created a new department called Security-related incidents. Creating a ticket in this department will trigger a Zoho workflow for the anDREa response team. 

How and where to create the ticket

  1. Log in to support.mydre.org as a User or as Agent (support team members, anDREa employees).
  2. Go to My Tickets.
  3. Choose the security-related incidents department and click on Submit Ticket.
  4. Create a ticket in this department and submit.


Always provide as much information as you can. Important items are:
  1. When did you notice the issue?
  2. Which workspace or workspaces are affected?
  3. Which Virtual Machine or Virtual Machines are affected?
  4. How many users are affected/involved?
  5. You also optionally submit screenshots.

Zoho workflows & Data breach procedure

For example, if the subject or description of the ticket contains the keywords 'data breach', a workflow is triggered that alerts the anDREa response team and automatically assigns tasks. These will be handled with high priority. The tasks are aligned with the tasks described in Data breach procedure. The tasks will be completed by the appropriate assignees, and the progress and results will be logged in the ticket. The ticket will only be closed when a resolution has been filled in.

For (suspected) security risks a Zoho workflow will be triggered consisting of at least the logging of the incident, risk assessment and reassessment of priority and assigning additional tasks. Similar to the workflow above, tasks will be completed by the appropriate assignees, and the progress and results will be logged in the ticket. The ticket will only be closed when a resolution has been filled in.