As part of this implementation, various tools and
technologies are deployed to monitor, detect, prevent and respond
such that information is protected. These tools pick up what are
called events and analyses them to look for events that is a risk
or could or causes damage. An event is any observable occurrence in
a system or network e.g. a connection to a web server, an email, a
firewall blocking a connection attempt, a system crash, etc. An
event with a negative consequence, such as a malware execution that
results in data deletion, use of or attempt to use system
privileges without authorization, access to or attempt to gain
access information without authorization, unwanted denial of
service, unauthorized physical access to restricted areas, leaving
sensitive information unattended leading to misuse or loss, etc. is
an adverse event.
How to Identify an Information Security Incident
When an event is relevant to the security of information, it
is called a Security Event and if there is a compromise or risk or
damage to information security assets or information such that it
adversely affects or could adversely affect the confidentiality,
integrity, availability of information, it is termed as an
information security incident.
TechM defines information security incidents in our policy as
all security and policy violations, security weaknesses, software
malfunctions causing security or privacy impact, misuse of I.T
resources, cyber security attacks, information leakage, physical or
environmental security violations, violations of Tech Mahindra
information security policy and procedures, breach of client
contractual obligations related to information security or privacy
protection requirements or applicable legal laws, any other event
which may have an adverse impact on Tech Mahindra and / or its
clients (where TechM and its associates are directly responsible)
information systems or business or any physical event that
compromises confidentiality, Integrity, availability, security and
safety of TechM assets is considered as Incident or Security
Incident.
Examples of Information Security
Incidents
- Sending or uploading project or other confidential
information to personal email or web or other offline storage or
with unauthorized persons
- Using or uploading information or code on code repository
or similar sites without approval and protective measures
- Unauthorized download or installation of software
- Downloading or using or installing cracks or cracked
versions of software or using unauthorized software such as bit
torrent
- Bringing unauthorized personal devices within TechM
premises or restricted areas
- Sharing of passwords
- Visiting non-business or unauthorized websites.
- Downloading or storing songs, videos or other personal
photographs or material
- Misuse of client proxy for personal browsing
- Hosting servers, applications on the internet or cloud
without security testing and ISG approval
What is a Data Privacy Incident?
A Data Privacy Incident is an adverse event where personal or
sensitive personal information is impacted, not limited to
unauthorized use or disclosure or deletion and which has happened
as a result of violation of TechM or its customers or required
legal/ contractual/ statutory requirements or other business
requirements or best practices or stated guidelines or even as a
result of malicious intent or lack of prudential judgement or by
accident or has happened even due to application or system or
process errors / gaps / failures.
Examples of Data Privacy Incidents
- Sending employee personal information to unauthorized
persons
- Keeping personal information of employees at an insecure
location without encryption or proper access control
- Exposure or leakage of customer information related to
client project due to application error
Where do I find the Incident Management Policy?
The purpose of Tech Mahindra Incident Management Policy is to
establish and enforce incident response preparedness for computer
and non-computer related incidents and is available on the BMS
Portal.
Incident Management
Policy
Incident Management
Procedure
Why and Where do I report Information Security Incidents
Information Security Incidents due to cyber-attacks by cyber
criminals, malicious insiders or outsiders and errors can lead to
the loss and disclosure of confidential and personal information
and adversely affect the working of our company business. Efficient
handling of any incident can reduce its impact and prevent
re-occurrence.
Users should report suspected Security or Data Privacy Incidents immediately on Incident Management Portal.
Suspected Data Breaches have stringent timelines for reporting it to Customers and Regulatory Authorities.
Path : Twingo > Security Incident Management System. Link is provided below
Information Security Incidents can be reported at the below
links on the Incident Management System (IMS) Portal
Internet users can use the below
link to report an incident
Report Security Incident
Users can also report Incident from Twingo Home Page.
For any queries write to : ISG
IncidentManagementGroup
Each incident is investigated and responded by incident response team led by Incident Manager.
Identified Incident Response Teams with the required domain competency and are constituted to review, take immediate containment actions,
perform an RCA and resolve reported incidents by implementing corrective actions within a stipulated SLA.
Disciplinary action is taken against the associate(s) as per the disciplinary policy.