User:Dsharpe/Sandbox
 | This is a user sandbox, a space to experiment with editing. |
| Severity | Containment SLA | Communications and Handling | Impact | ||||
|---|---|---|---|---|---|---|---|
| Examples | Financial Impact | People | Reputation | Legal & Compliance | |||
| Sev-1 (grave) | 1 hour | All hands on deck. Incident coordinator.
Bridge up, swarm to incident IRC channel. Crisis comms. Regular updates to senior leadership and Board. |
1. One or more *.wikipedia.org sites down or unreachable
2. Exfiltration of sensitive Foundation data 3. Breach of donation processing systems |
$20M or greater | Fatality or severe injury | End of Services | Restructuring of the organization, fines and litigation at or exceeding $20M |
| Sev-2 (critical) | 2 hours | All hands on deck. Incident coordinator.
Bridge up, swarm to incident IRC channel. Crisis comms. Regular updates to senior leadership and Board. |
1. Root access by human intruder on one or more servers, or internet-facing router or firewall
2. Targeted malware or web shell on 1 or more servers 3. Publicly available exploit exists for unpatched internet-facing vulnerability 4. Reports of rogue content or backdoors embedded in downloaded IT software packages or source code |
$10-19M | Impairment or extensive injury | Broad media coverage (internet, television, print), C-level departures | Breach of regulation with fines and litigation up to $19M |
| Sev-3 (significant) | 4 hours | Select resources respond. Regular comms updates to ???. | 1. One or more non-Wikipedia.org sites down or unreachable
2. Commodity malware on 1 or more servers 3. Malware or intrusion affecting 1 WMF client machine with production server root access 4. Reported vendor breaches or data leakages, e.g. Namely, credit card processing vendor, banks 5. Leaked private key, or password to critical or sensitive system or data |
$1-9M | Short term disability | Moderate media coverage for an extended period of time (internet articles). Loss of readers/editors | Breach of regulation with accompanying compliance body auditing/investigation. Fines and legal costs up to $9M |
| Sev-4 (threatening) | 8 hours | Select resources respond. Regular comms updates to ???. | 1. Theft of WMF payment or funds (e.g. successful BEC phish or payment fraud)
2. Abuse report of malicious or unwanted activity coming from WMF address space 3. Reports of theft from, or unauthorized access to, travel, benefits, or other office systems |
$100K-999K | Significant medical treatment | Local media coverage, complaints to management | Breach of regulations, minor fines and legal costs |
| Sev-5 (informational) | 24 hours, or next business day | 1. Phishing
2. Malware or intrusion affecting 1 WMF client machine with no production server root access |
Less than $100K | First aid or minor medical treatment | No media coverage, complaints on mailing lists | Minor legal issues or breach of regulations | |