Incident Response

Last Updated: 29 August 2025

1. Purpose

This plan outlines how we detect, assess, and respond to security incidents affecting our website, API, or data.

2. Detection & Triage

• Monitor logs and alerts for anomalies.
• Classify severity (Low/Medium/High/Critical) and assemble the response team.

3. Containment

• Isolate affected systems, rotate credentials, and disable compromised keys.
• Apply temporary controls to prevent further impact.

4. Eradication & Recovery

• Identify root cause, remove malicious artifacts, and patch vulnerabilities.
• Restore services safely and validate integrity.

5. Notification

• Notify affected partners/users where appropriate and legally required.
• Coordinate with authorities in cases involving CSAM or legal obligations.

6. Post-Incident Review

• Document timeline, impact, and lessons learned.
• Implement corrective actions and update runbooks.

7. Contact

Urgent security issues: security@gmodprotect.org. General: contact@gmodprotect.org.