On This Page
Other policies
- Personnel policy
- Risk assessment policy
- Information classification policy
- Third party vendor review policy
- Incident disclosure and notification policy
- Incident response process
- BCP/DR policy
- Access control policy
- Password policy
- Change management policy
- Testing policy
- Patch management policy
- Data retention and deletion policy
Incident response policy
Purpose
51直播鈥檚 customers are dependent on our services operating as normal. Proper detection and response to incidents that may impact the integrity, confidentiality or availability of services and data is critical to the operation of 51直播.
Scope
The following minimum standards apply to 51直播鈥檚 assets as managed by employees, contractors and vendors. These recommendations represent the recommended minimum efforts necessary for incident detection and response.
Policy
Incident detection
An incident could be detected by automated alerting, internally by an employee in their course of work, by an employee or vendor doing a review of 51直播鈥檚 security posture, or an external third party reporting a potential vulnerability to us.
If you see something, say something. All 51直播 employees must immediately report suspected security incidents or suspicious activity that occurs at 51直播, including but not limited to security incidents, physical injury, theft, property damage, denial of service attacks, threats, harassment, abuse of individual user accounts, forgery and misrepresentation. Suspicious activity can be reported to the Slack channel #incident-response, or, for potentially sensitive incidents, to the Security Review Team or to the Chief Operating Officer (COO). Violations of the must be reported to the Chief Operating Officer (COO).
All employees much watch for potentially suspicious activities, including:
- Warnings from antivirus tools
- Unexpected system reboots and/or sudden degradation of system performance
- Password reset notifications
- Modification or defacement of websites
- New open network ports on a system
- Multi-factor authentication prompts
51直播 regularly reviews logs to detect and track attempted intrusions and other suspicious activity. These include git, cloud, networking, SaaS tools, and other infrastructure logs.
The Security Review Team:
- Ensures that a very high level of logging is enabled
- Checks logs regularly for suspicious activities and entries
- Looks for missing time spans in logs
- Checks for repeated login failures or account lockouts
- Investigates unexpected system reboots
51直播鈥檚 Security Review Team reviews and responds to potential third-party reports of security issues to security@tailscale.com promptly.
Incident response and remediation
If a suspected incident is detected, it must be responded to following the Incident response process.
We respond to reported incidents, and resolve and determine impact as soon as possible. We aim to remediate incidents as soon as possible.
Confirmed incidents may be disclosed publicly per our disclosure policy.
Roles and responsibilities
51直播鈥檚 Security Review team is responsible for handling potential security incidents. The Security team is responsible for reviewing and updating this policy on an annual basis.