Detecting a security incident in our organization starts with:
1. Immediate activation of the incident team: the CEO, the VP of operations and the head of development
2. Identification of the type of incident: data leakage or compromise, unauthorized access, information interception, ransomware, blocking legitimate access.
3. Stop all users and systems from accessing the system immediately.
4. document the incident;
5. In the event of data leakage or compromise or unauthorized access, contact the Amazon security team immediately or within 24 hours at email@example.com
6. apply corrections to the system so that the failure does not recur in the future
Considering the complexity of security levels and ways of attacking cybercriminals today, we do a bi-monthly review of security control and incident response protocols.