Cyber Security Escalation Guidance
Background

The purpose of this Audit Services Bulletin is to help increase awareness of ITW’s Corporate Cyber Response requirements. Please review the information below and to the extent you have any questions please contact your Segment IT Director or ITW’s Director of Cyber Security, Robyn Clark, at [email protected] or +1-224-661-7132.

ITW has established a Cyber Incident Response Team (CIRT) at the Corporate level to coordinate our response to critical issues that have, or have the potential to have, a significant impact on ITW's business, reputation, employees, customers, or suppliers. Members of the CIRT are senior leaders from Audit, Communications, Cyber Security, HR, IT, Legal and Treasury. The CIRT has developed the following requirements for Division response planning:

Key ITW Corporate Cyber Response Requirements

• Each Division should develop and implement a cyber security incident response plan and test it annually through a tabletop exercise (as required in BRAVE).
  Tools and Templates: Incident Response Plan
• Incident response plans should include potential escalation to the ITW Corporate Cyber Incident Response Team (CIRT) according to the Cyber Security Escalation Levels Guide.
  Tools and Templates: Cyber Security Escalation Levels Guide
• Each Division should create an Incident Response Team (IRT) who will collaborate to respond to cyber security incidents and determine when escalation to the CIRT is appropriate.
  Tools and Templates: Incident Response Team Contact List
• ITW employees should maintain the confidentiality of all information regarding any cyber security incident and/or investigation. ITW employees should not communicate with any media, family, friends, or anyone else outside of the company regarding the incident unless authorized to do so in conjunction with Legal and the CIRT.
• Cyber incidents should be documented and stored in case of further investigation. Divisions can reference the “RCA for Critical Incident Template” from the Response SharePoint site for this purpose.
  Tools and Templates: Root Cause Analysis (RCA)

Response planning prepares the organization to respond to potential cyber security issues by identifying an Incident Response Team (IRT), defining an incident management process, and creating alignment to Corporate Cyber Incident Response guidelines. The above information can be accessed through the Information Technology Response website (ITW Connect / Information Technology / Information Security / BRAVE / Response Planning).