Security and Incident

Security and Incident

Security and Incident

Security and Incident Response Plan 

Having a well-documented and regularly reviewed security incident response plan in place can help Northfork quickly and effectively respond to security incidents, minimize the damage, and prevent future incidents.

Preparation

This section outlines the preparatory steps necessary to establish an effective security incident response plan. This includes defining the scope of the plan, identifying the types of security incidents that are covered, establishing a clear chain of command, developing procedures for incident response, conducting regular security training, and reviewing and updating the incident response plan and procedures regularly.

  • Define the scope of the plan and identify the types of security incidents that are covered.

  • Establish a clear chain of command and roles and responsibilities for incident response team members.

  • Develop an incident response plan that includes procedures for detection, containment, analysis, eradication, and recovery.

  • Conduct regular security training and awareness for employees to prevent security incidents.

  • Review and update the incident response plan and procedures regularly.


Detection and Analysis

This section outlines the procedures for detecting and analyzing security incidents. This includes monitoring Northfork's systems and network for signs of security incidents, using tools like AWS Cloudwatch, Datadog, and Pagerduty to detect and alert the appropriate personnel, conducting an initial assessment of the incident to determine its severity and potential impact on Northfork's systems and data, and collecting and preserving evidence related to the incident.

  • Monitor Northfork's systems and network for signs of security incidents using AWS Cloudwatch, Datadog, and other tools.

  • Use Pagerduty to alert the appropriate personnel if any suspicious activity or anomalies are detected.

  • Conduct an initial assessment of the incident to determine its severity and potential impact on Northfork's systems and data.

  • Collect and preserve evidence related to the incident.


Containment and Eradication

This section outlines the procedures for containing and eradicating security incidents. This includes isolating affected systems and devices to prevent further damage or data loss, determining the source and cause of the security incident and taking steps to eradicate the threat, patching vulnerabilities or applying other mitigation strategies as necessary, and ensuring that any malware or other security threats are completely removed from affected systems.

  • Isolate affected systems and devices to prevent further damage or data loss.

  • Determine the source and cause of the security incident and take steps to eradicate the threat.

  • Patch vulnerabilities or apply other mitigation strategies as necessary.

  • Ensure that any malware or other security threats are completely removed from affected systems.


Recovery

This section outlines the procedures for restoring systems and data after a security incident. This includes restoring systems and data from backups as soon as possible to minimize downtime and data loss, verifying that systems and data are functioning properly and free from malware before restoring them, and implementing additional security measures to prevent future security incidents.

  • Restore systems and data from backups as soon as possible to minimize downtime and data loss.

  • Verify that systems and data are functioning properly and free from malware before restoring them.

  • Implement additional security measures to prevent future security incidents.


Post-Incident Activities

This section outlines the procedures for conducting post-incident activities. This includes conducting a thorough analysis of the security incident and Northfork's response to identify areas for improvement, updating the security incident response plan based on lessons learned from the incident, providing a summary report to relevant stakeholders, including employees, customers, and partners, and ensuring that all communication about the security incident is clear, transparent, and timely to maintain trust with stakeholders.

  • Conduct a thorough analysis of the security incident and Northfork's response to identify areas for improvement.

  • Update the security incident response plan based on lessons learned from the incident.

  • Provide a summary report to relevant stakeholders, including employees, customers, and partners.

  • Ensure that all communication about the security incident is clear, transparent, and timely to maintain trust with stakeholders.


Feedback

We are actively working to increase the accessibility and usability of our website and in this respect we welcome user recommendations. Users can get in touch by sending an email to the following email address: support@northfork.io



Accessibility

Northfork works to ensure that its website is as user-friendly as possible, and always in accordance with local web accessibility legislation. What does it mean?

Web accessibility aims to make web texts, images, forms and navigation accessible and understandable to the general public. It also looks to uphold equal opportunity and equal access to information for people with disabilities, according to the UN Convention on the Rights of Persons with Disabilities.

This website has continues optimising to meet 'world wide web consortium' (W3C) standards.

Northfork webpages should evaluate its assessibility based on the four WCAG 2.0 principles: perceivable, operable, understandable and robust. These particular standards enable access to a wide range of users, for instance people with blindness, deafness or learning difficulties.


Despite our efforts to achieve full website accessibility, certain material e.g documents in PDF format found on some pages may not yet be optimised. We constantly work to make this website entirely compliant.



Compliance

In order to meet evolving web accessibility criteria, Northfork take into account aspects such as: 'alt tags' - image descriptions which help users working with screen readers to understand what the pictures are about contrast between text and background - which is adjusted to be readable navigability - keyboard-only navigation is available for users who have problems using a mouse 'go to content' link - which lets users reach the main content directly by bypassing the header seamless spam protection - which shelters users from fake sign-ups without interacting with their website experience.


Feedback

We are actively working to increase the accessibility and usability of our website and in this respect we welcome user recommendations. Users can get in touch by sending an email to the following email address: support@northfork.io

Security and Incident Response Plan 

Having a well-documented and regularly reviewed security incident response plan in place can help Northfork quickly and effectively respond to security incidents, minimize the damage, and prevent future incidents.

Preparation

This section outlines the preparatory steps necessary to establish an effective security incident response plan. This includes defining the scope of the plan, identifying the types of security incidents that are covered, establishing a clear chain of command, developing procedures for incident response, conducting regular security training, and reviewing and updating the incident response plan and procedures regularly.

  • Define the scope of the plan and identify the types of security incidents that are covered.

  • Establish a clear chain of command and roles and responsibilities for incident response team members.

  • Develop an incident response plan that includes procedures for detection, containment, analysis, eradication, and recovery.

  • Conduct regular security training and awareness for employees to prevent security incidents.

  • Review and update the incident response plan and procedures regularly.


Detection and Analysis

This section outlines the procedures for detecting and analyzing security incidents. This includes monitoring Northfork's systems and network for signs of security incidents, using tools like AWS Cloudwatch, Datadog, and Pagerduty to detect and alert the appropriate personnel, conducting an initial assessment of the incident to determine its severity and potential impact on Northfork's systems and data, and collecting and preserving evidence related to the incident.

  • Monitor Northfork's systems and network for signs of security incidents using AWS Cloudwatch, Datadog, and other tools.

  • Use Pagerduty to alert the appropriate personnel if any suspicious activity or anomalies are detected.

  • Conduct an initial assessment of the incident to determine its severity and potential impact on Northfork's systems and data.

  • Collect and preserve evidence related to the incident.


Containment and Eradication

This section outlines the procedures for containing and eradicating security incidents. This includes isolating affected systems and devices to prevent further damage or data loss, determining the source and cause of the security incident and taking steps to eradicate the threat, patching vulnerabilities or applying other mitigation strategies as necessary, and ensuring that any malware or other security threats are completely removed from affected systems.

  • Isolate affected systems and devices to prevent further damage or data loss.

  • Determine the source and cause of the security incident and take steps to eradicate the threat.

  • Patch vulnerabilities or apply other mitigation strategies as necessary.

  • Ensure that any malware or other security threats are completely removed from affected systems.


Recovery

This section outlines the procedures for restoring systems and data after a security incident. This includes restoring systems and data from backups as soon as possible to minimize downtime and data loss, verifying that systems and data are functioning properly and free from malware before restoring them, and implementing additional security measures to prevent future security incidents.

  • Restore systems and data from backups as soon as possible to minimize downtime and data loss.

  • Verify that systems and data are functioning properly and free from malware before restoring them.

  • Implement additional security measures to prevent future security incidents.


Post-Incident Activities

This section outlines the procedures for conducting post-incident activities. This includes conducting a thorough analysis of the security incident and Northfork's response to identify areas for improvement, updating the security incident response plan based on lessons learned from the incident, providing a summary report to relevant stakeholders, including employees, customers, and partners, and ensuring that all communication about the security incident is clear, transparent, and timely to maintain trust with stakeholders.

  • Conduct a thorough analysis of the security incident and Northfork's response to identify areas for improvement.

  • Update the security incident response plan based on lessons learned from the incident.

  • Provide a summary report to relevant stakeholders, including employees, customers, and partners.

  • Ensure that all communication about the security incident is clear, transparent, and timely to maintain trust with stakeholders.


Feedback

We are actively working to increase the accessibility and usability of our website and in this respect we welcome user recommendations. Users can get in touch by sending an email to the following email address: support@northfork.io