Engaging the Security Engineer On-Call
The Security Incident Response Team (SIRT) is on-call 24/7/365 to assist with any security incidents. This handbook provides guidance to help identify the scope and severity of a potential security incident, followed by instructions on how to engage the Security Engineer On-Call (SEOC) if needed.
Information about SIRT responsibilities and incident ownership is available in the SIRT On-Call Guide.
Incident Severity
Before engaging the SEOC, please review the following to determine the level of engagement needed:
Severity | Description | Examples | Action |
---|---|---|---|
High | Critical issues that may affect the confidentiality, integrity, or availability of Bramble services or data | 1. Brmbl.io is down for all customers 2. Confidentiality or Privacy is breached 3. Unauthorized access 4. Data loss 5. Leaked credentials | See Engage the SEOC |
Low | Non-urgent issues that have minimal to no impact on Bramble services or data | 1. Third party vendor vulnerability 2. Phishing 3. Customer inquiries 4. Troubleshooting device security 5. Security training questions | For phishing related issues, see Phishing. For other non-urgent issues, see Low Severity Issues. |
The following are out of scope for the SIRT and should be escalated to the respective teams:
- Vulnerability reports: please escalate to Application Security
- General Customer Inquiries: please escalate to Field Security
Low Severity Issues
For general Q&A, Bramble Security is available in the #security channel in Bramble Slack.
For low severity, non-urgent issues, SIRT can be reached by mentioning @team-sirt in Slack or by opening an issue.
Please be advised the SLA for Slack mentions is 6 hours on business days.
Phishing
If you suspect you’ve received a phishing email and have not engaged with the sender, please see: What to do if you suspect an email is a phishing attack.
If you have engaged with a phisher by replying to an email, clicking on a link, sending and receiving text messages, or purchasing goods requested by the phisher, please engage the SEOC.
Engage the Security Engineer On-Call
If you have identified a high severity security incident or you need immediate assistance from the SIRT, there are two options available to engage the SEOC:
- Email: send an email with a brief description of the issue to security+page@brmbl.io
This will page the SEOC. The SEOC will engage in the relevant issue within the appropriate SLA. If the SLA is breached, the Security Manager On-Call (SMOC) will be paged.
Paging the SEOC creates a new issue to track the incident being reported. Please provide as much detail as possible in this issue to aid the SEOC in their investigation of the incident.
The SEOC will typically respond to the page within 15 minutes and may have questions which require synchronous communication from the incident reporter. It is important when paging the SEOC that the incident reporter be prepared and available for this synchronous communication in the initial stage of the incident response.