Incident Response Plan

(last updated Aug 8, 2023)

1. Purpose

This document outlines the procedures to follow in the event of a security incident or breach at Lace Software. The goal is to respond quickly and effectively to contain, eradicate, and recover from security incidents.

2. Scope

This plan applies to any suspected or confirmed security incident involving Lace Software's information systems, networks, data, and other assets.

3. Response Team

The Incident Response Team is responsible for assessing the incident, minimizing impact, coordinating containment, eradication and recovery efforts, and keeping leadership informed.

• Network Security Engineer - Atanas Todorov

• CTO - Stanislav Stoyanov

• Legal Counsel - represented by Boris Valkov

• PR/Communications Lead - Boris Valkov

4. Incident Classification

Incidents are classified into three severity levels based on impact:

• Low: Limited data exposure, minimal service disruption

• Medium: Sensitive data exposure, significant service disruption

• High: Widespread data exposure, prolonged service outage

5. Incident Response Procedures

Detection and Analysis

• Monitoring systems and security controls will detect and alert the Incident Response Team to potential incidents.

• The team will investigate and perform an initial impact assessment.

Containment

• The team will take steps to isolate and minimize the impact of the incident, such as disconnecting affected systems.

• Evidence will be gathered and preserved.

Eradication

• The root cause of the incident will be identified and remediated.

• Affected assets will be restored.

• Additional monitoring and blocking will be implemented to prevent reinfection.

Recovery

• Business and technical operations will be restored.

• Post-incident monitoring will be conducted.

Post Incident Activity

• The Incident Response Team will document lessons learned and update policies and controls.

• Forensic investigation may be conducted.

• Legal counsel will determine regulatory notification requirements.

• Public relations response will be coordinated if needed.

6. Testing & Training

• The Incident Response Plan will be tested annually.

• Incident response training will be conducted for team members.