  1. Initial notification to the ISOC team by monitoring devices or through formal communication means.
  2. Confirm the type of incident.
    2.1 Confirm which kind of incident it is, for example:
      - Stolen laptop.
      - Website with confidential data in public access.
      - Upload of data to external online storage.
      - Data sent to unintended recipients.
    2.2 Confirm whether it's a real incident.
      - Whether PII or confidential data is confirmed to be in public access.
      - Whether data is sent to unintended recipients.
  3. For stolen laptops.
    3.1 Notification comes through Remedy.
    3.2 Open the incident in the ISOC portal.
    3.3 Cross-verify the user details in the Remedy ticket against the organization's user directory.
    3.4 Check with Unisys whether disk encryption is configured on the laptop in question.
    3.5 If disk encryption is present, contact the affected user to get their domain credentials reset; if the user is not reachable, contact Unisys to get the domain credentials reset.
    3.6 Ask the user to file a police complaint.
    3.7 Get crime reference number from the user and ask the user to use the crime reference number for requesting a new laptop.
    3.8 Close the incident.
    3.9 For cases where disk encryption is not found, inform the Global Privacy team.
    3.10 Get confirmation from the Global Privacy team on further steps.
    3.11 Close the incident after the Global Privacy team's confirmation.
  4. For website with confidential data in public access.
    4.1 This alert is reported to ISOC through email.
    4.2 Open the incident in the ISOC portal.
    4.3 Confirm the website URL and the hosting location.
    4.4 Bring the site down immediately.
    4.5 Confirm the respective agency name and contact details.
    4.6 If the agency name is not present in the inventory, contact the digital solutions team.
    4.7 Contact the agency and ask for business justification.
    4.8 Get the feature or vulnerability that allows public access to PII or confidential data removed from the website.
  5. For upload of data to external online storage.
    5.1 This alert mostly comes from Darktrace.
    5.2 Open the incident in the ISOC portal.
    5.3 Contact the user in question and ask for the type of data being uploaded and the business justification.
    5.4 If there is a valid business justification, close the incident.
    5.5 If there is no business justification, ask the user to delete the data from the external storage.
    5.6 Inform the line manager.
    5.7 Close the incident.
  6. For data sent to unintended recipients.
    6.1 This alert would come through email.
    6.2 Confirm with the relevant people whether the data was confidential or PII data.
    6.3 Open the ISOC incident.
    6.4 If the data was confidential or PII data:
      - Inform the Global Privacy team.
      - If the data was sent only to Unilever email addresses, communicate to the concerned users that the data was sent to them by mistake, that it needs to be deleted, and that it must not be forwarded to personal email addresses.
      - Ask the Avanade team to delete the read and unread copies from the recipients' mailboxes.
      - If the data was also sent to email addresses outside Unilever, wait for directions from the Global Privacy team.
      - Close the incident as per the directions from the Global Privacy team.
    6.5 If the data was not confidential or PII, record the findings and close the ISOC incident.
    Closure Guidelines
    1) The incident should be recorded in the Data Breach portal: http://inside.unilever.com/legal/guidance/Privacy/Lists/Data%20Breach%20Notification/AllItems.aspx?&&View={dd52362b-1200-4083-8f5e-d385a2fc519c}&SortField=Created&SortDir=Desc
    2) Keep the Global Privacy team involved until the closure of the incident.