Information Security Incident Management

This document establishes a framework for responding to information security incidents at AECOM. It defines roles and responsibilities for an incident response team and security operations center to develop procedures, respond to incidents, and ensure consistent methodology. It also outlines requirements for notifying legal and contacting law enforcement if needed.

Uploaded by

bubbles82

Information Security Incident Management Standard T1-200-PR1

1.0 Purpose and Scope

1.1 This standard sets forth a framework to provide for the establishment of appropriate procedures, plans,
and practices to ensure a quick, effective, and orderly response to Information Security Incidents
(defined below). This may include defining processes, putting supporting policies and procedures in
place, assigning roles and responsibilities, supplying appropriate tools and materials, and identifying and
training qualified staff to perform the work in a consistent, high-quality, replicable way.

1.2 AECOM has established and will maintain a Security Operations Center (SOC) which is comprised of
Threat Intelligence Management, SIEM, Monitoring, Hunting and Forensics, and Incident Response. This
group is tasked with the responsibility of developing and, as appropriate, revising, implementing, and
communicating Incident Management procedures and processes and managing and responding to all
Information Security Incidents to ensure that AECOM responds to all Information Security Incidents with
sufficient expertise, effective processes and prompt action. This will ensure minimum damage to
AECOM’s assets and will reduce the risk of loss and other harms from Information Security Incidents.

1.3 Incident handling is a global requirement and should be managed in a coordinated, top-down fashion.
While individual security incidents can take on a very local flavor, it is important to direct their remediation
from a global perspective to ensure that a consistent methodology is used and to aggregate the
knowledge gained during each response.

2.0 Terms and Definitions

2.1 Highly Restricted Information - Highly Restricted Information or data includes any confidential or
personal Information that is protected by law or regulation or that, if compromised, has the potential of
causing a substantial adverse effect to AECOM, a client, or an individual.

2.2 Incident Handling – the logistics, communications, coordination, and planning functions needed in order
to resolve an incident in an effective and efficient manner.

2.3 Incident Management – the framework and set of functions required to enable Incident Response and
Incident Handling within an organization.

2.4 Incident Response – all of the technical components required in order to identify, analyze, contain and
remediate an Information Security Incident.

2.5 Information Security Incident (Incident) – An Information Security Incident is defined as an attempted
or successful unauthorized access, use, disclosure, acquisition, modification or destruction of AECOM
information resources; interference with information technology operations; or violation of explicit or
implied provisions embodied in AECOM security policies. Throughout this document, Information
Security Incidents may be referred to as “Incidents” or “Security Incidents.”

3.0 Reference
None

4.0 Standard

4.1 The SOC shall establish and maintain an Incident Response Team (IR Team) to respond to Incidents
that have been identified by the Monitoring Team and to manage and operationalize Incident Handling
and Incident Response in connection with a particular Incident, including to ensure prompt investigation
and containment of any malicious activity, accelerated problem remediation, damage control, and
problem correction services when Incidents arise.

4.2 The IR Team will be led by a member of the SOC.

4.3 Members of the IR Team must be clearly identified and entrusted with the necessary authority to define a
comprehensive set of procedures for incident handling.

4.4 If a security breach exposes Highly Restricted information, the Legal Department must be notified as
soon as possible. Due care will then be taken to satisfy the requirements of any data breach notification
laws or contractual obligations. A table documenting the contacts and notification protocols shall be
maintained by SOC personnel.

4.5 The following documents and tools will be developed and maintained by the SOC Team:
• Definitions of the roles and responsibilities assigned to SOC Team, Monitoring Team, IR Team and
identification of the functions that should be represented on each team.
• Identification of a point of contact for Incident detection and reporting and appropriate
communications throughout the organization to ensure that potential Incidents and vulnerabilities or
weaknesses that could lead to Incidents are reported promptly to appropriate channels.
• An SOC Plan addressing Incident Handling and Incident Response for various types of Information
Security Incidents, including appropriate escalation of Incidents and internal and external
communication regarding Incidents.
• Additional procedures that the SOC determines are appropriate with respect to Incident response
planning and preparation; logging incident management activities, handling forensic evidence,
contacts with law enforcement and other external parties related to Incidents, assessment of
information security events and weaknesses; escalation for Incidents when appropriate; and
reducing the likelihood or impact of future incidents through knowledge gained from analyzing and
responding to Incidents.

4.6 All Information Security Incidents must be handled with the involvement and cooperation of:
• The AECOM SOC Team
• In-house subject matter experts who will augment the SOC team as needed.
• Approved external consultants and agencies (as required or determined appropriate by the IR
Team).
• and approved by the Chief Information Security Officer

4.7 AECOM’s policy is to cooperate with law enforcement as may be appropriate while maintaining privacy,
confidentiality, privilege and other rights as appropriate. In the case of an incident, the Chief Information
Officer must approve the decision to contact any law enforcement agency. This decision will be made
following consultation with the Legal Department.

5.0 Records

None

6.0 Attachments
None

Information Security Incident Management Standard (T1-200-PR1)


Revision 0 May 2016
PRINTED COPIES ARE UNCONTROLLED. CONTROLLED COPY IS AVAILABLE ON COMPANY INTRANET.

©2016 AECOM Restricted
