
Security Incident Response Procedures

Incident Identification

Security incidents may be identified through various means, including but not limited to:

  • Security monitoring and alerting systems (e.g., SIEM, IDS/IPS, vulnerability scanners)

  • User reports or complaints

  • System logs and audit trails

  • External threat intelligence sources

  • Third-party notifications (e.g., security researchers, law enforcement)

All potential security incidents should be reported immediately to the Security Operations (SecOps) Team via dedicated incident reporting channels:

Email: secops@thruinc.com

Phone: +1 214-096-0100

Ticketing System: Thru Help Desk

Incident Triage and Analysis

Upon receiving an incident report, the SecOps team will:

  • Acknowledge the report and assign a severity level and priority based on the established incident classification criteria.

  • Gather and analyze relevant logs, system data, and other information to understand the nature, scope, and potential impact of the incident.

  • Engage subject matter experts and stakeholders as necessary to assist in the analysis.

  • Determine if the incident is confirmed or a false positive.

Incident Response

If the incident is confirmed, the SecOps team will initiate the appropriate response procedures based on the incident type and severity, including but not limited to:

  • Implementing containment measures to prevent further damage or exposure (e.g., isolating affected systems, blocking malicious traffic, revoking access credentials).

  • Engaging the incident response team and escalating to relevant stakeholders (e.g., Dev Ops, Engineering, Legal, Executive Leadership).

  • Initiating forensic analysis and root cause investigation.

  • Implementing remediation and recovery actions to address the incident and restore affected systems and services to a secure and operational state.

Incident Reporting and Communication

Throughout the incident response process, the SecOps team will:

  • Provide regular status updates and communication to relevant stakeholders, including executives, product teams, and customers (if applicable).

  • Coordinate with external parties as necessary, such as law enforcement, incident response firms, or regulatory authorities.

  • Maintain detailed documentation and records of all incident response activities, including timelines, actions taken, and evidence collected.

Reporting of a Cyber Security Incident

In the event of a confirmed cyber security incident that impacts customer data or systems, the Thru Customer Success team will notify the designated customer security and/or admin contact by email and phone within 24 hours of incident discovery and confirmation. The notification will provide a brief description of the incident, estimated impact, and measures being taken for investigation and remediation.

Thru will provide the customer with regular status updates on the incident response activities, initially on a daily basis at minimum. These updates will include actions taken, findings, timelines for actions in progress and for restoring customer systems, and other pertinent details. More frequent updates may be necessary depending on the nature and severity of the incident.

A post-incident report will be delivered to the customer security team within 30 days following incident resolution. This will provide a root cause analysis, a detailed timeline of the incident response actions, learnings from the incident, and steps Thru will take to prevent a recurrence.

Incident Closure and Lessons Learned

After the incident has been contained, remediated, and resolved, the SecOps team will:

  • Conduct a post-incident review to identify areas for improvement in incident detection, response, and prevention.

  • Implement necessary changes to security controls, processes, and procedures based on lessons learned.

  • Update threat intelligence and security monitoring systems with indicators and signatures related to the incident.

  • Provide a final incident report and recommendations to relevant stakeholders.

Continuous Improvement

The SecOps team will continuously review and update these incident response procedures based on industry best practices, changes in the threat landscape, and feedback from post-incident reviews.
