Chapter 7 DXP Information Security

Secure Incident Management

Define standard operating procedures (SOPs) to respond to security incidents. The security monitoring infrastructure should be able to immediately recognize security incidents, and the security incident management process should report and address the security breaches. The security monitoring infrastructure should report suspicious transactions. Establish processes and responsibilities to address security incidents based on their severity.

Database Level Security

Create specific nonadmin database users for the application. Restrict the application user's access to nonapplication schemas and other database packages. Instead of storing the database user details in plain text, encrypt them or define application server level data sources. Only the DBA user should be allowed to perform operations such as database object creation and modification. Application users should be restricted to create, read, update, and delete (CRUD) operations.

Sharing the Data with External Systems

When the application shares data with external systems and services, the sharing should be strictly based on agreed contracts and should comply with legal regulations. Sharing of private data needs consent from the information owners. The mode of transmission and the responsibility for information loss should be agreed upon by all parties during the information exchange. The confidentiality, integrity, and availability of the data should be maintained during information exchange.

Security Awareness and Training

All the stakeholders of the organization should be aware of the security processes and policies. To achieve this, the organization should conduct mandatory security awareness training for all employees, covering security best practices. In addition to training programs, employees who handle secure information should undergo mandatory security certification.

210
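As an added example (not code from the book) of the monitoring and severity-based handling described under Secure Incident Management, the following Python script runs three detection rules over constructed audit log lines and attaches to each finding the SOP owner and response deadline that its severity calls for. The log format, the thresholds, and the SOP table are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed audit log (not from the book): one event per line, key=value pairs.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z user=alice ip=10.0.0.5 event=login result=fail
2024-05-01T10:00:03Z user=alice ip=10.0.0.5 event=login result=fail
2024-05-01T10:00:05Z user=alice ip=10.0.0.5 event=login result=fail
2024-05-01T10:00:07Z user=alice ip=10.0.0.5 event=login result=fail
2024-05-01T10:00:09Z user=alice ip=10.0.0.5 event=login result=fail
2024-05-01T10:00:12Z user=alice ip=10.0.0.5 event=login result=success
2024-05-01T10:00:40Z user=alice ip=10.0.0.5 event=transfer amount=9500
2024-05-01T11:30:00Z user=carol ip=10.0.0.9 event=login result=success
2024-05-01T23:15:00Z user=bob ip=10.0.0.7 event=export rows=50000
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.*)$")

# Detection thresholds: assumed values for the example, to be tuned per environment.
FAIL_THRESHOLD = 5                      # failed logins that count as a burst
FAIL_WINDOW = timedelta(seconds=60)     # burst must fit in this window
HIGH_VALUE = 5000                       # transfer amount considered high value
POST_LOGIN_WINDOW = timedelta(minutes=5)
BUSINESS_HOURS = range(8, 19)           # 08:00-18:59 UTC

# Severity -> responsibility and deadline, as an incident SOP would define them (assumed).
SOP = {
    "critical": {"owner": "incident lead (on-call)", "respond_within": "15 minutes"},
    "high": {"owner": "SOC analyst", "respond_within": "1 hour"},
    "medium": {"owner": "application security", "respond_within": "1 business day"},
}


def parse_line(line):
    """Parse 'timestamp key=value ...' into a dict with a UTC datetime under 'ts'."""
    m = LINE_RE.match(line)
    rec = dict(pair.split("=", 1) for pair in m.group("kv").split())
    rec["ts"] = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return rec


def _incident(severity, reason, ev):
    """Build the finding and attach the SOP routing for its severity."""
    return {"severity": severity, "reason": reason, "user": ev.get("user"),
            "ip": ev.get("ip"), "at": ev["ts"].isoformat(), **SOP[severity]}


def detect_incidents(log_text):
    """Run the detection rules over the log and return findings in log order."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    incidents = []
    fails = {}            # user -> timestamps of recent failed logins
    suspicious_login = {} # user -> time of a success that followed a failure burst
    for ev in events:
        user = ev.get("user")
        if ev["event"] == "login":
            if ev["result"] == "fail":
                recent = [t for t in fails.get(user, []) if ev["ts"] - t <= FAIL_WINDOW]
                recent.append(ev["ts"])
                fails[user] = recent
            elif (len(fails.get(user, [])) >= FAIL_THRESHOLD
                  and ev["ts"] - fails[user][-1] <= FAIL_WINDOW):
                # Rule 1: success right after a burst of failures -> possible credential compromise.
                suspicious_login[user] = ev["ts"]
                incidents.append(_incident("high", "login success after repeated failures", ev))
                fails[user] = []
        elif ev["event"] == "transfer" and float(ev["amount"]) >= HIGH_VALUE:
            # Rule 2: high-value transaction shortly after a suspicious login.
            if user in suspicious_login and ev["ts"] - suspicious_login[user] <= POST_LOGIN_WINDOW:
                incidents.append(_incident("critical", "high-value transfer after suspicious login", ev))
        elif ev["event"] == "export" and ev["ts"].hour not in BUSINESS_HOURS:
            # Rule 3: bulk export outside business hours.
            incidents.append(_incident("medium", "bulk export outside business hours", ev))
    return incidents


if __name__ == "__main__":
    for inc in detect_incidents(SAMPLE_LOG):
        print(f"[{inc['severity']}] {inc['reason']}: user={inc['user']} at {inc['at']} "
              f"-> {inc['owner']} within {inc['respond_within']}")
```

The rules are deliberately stateful (a success is only suspicious in the context of the failures before it, and a transfer only in the context of that success), which is what lets the monitoring infrastructure report an incident rather than a stream of individual events; the severity lookup is the point where the SOP's responsibilities are attached automatically.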
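As an added illustration of the application-user profile described under Database Level Security (not code from the book), the following Python script uses SQLite's authorizer hook to emulate the privilege split: the schema is created without restrictions in the DBA role, after which the connection is limited to CRUD on the application's own tables and is denied DDL and any access to a nonapplication table. The table names, including the `admin_audit` table that stands in for a nonapplication schema, are constructed for the example; in a production database the same profile is expressed with the database's own roles and GRANT statements rather than an in-process hook.

```python
import sqlite3

# Constructed example: the application's own schema consists of these tables.
APP_TABLES = {"customers", "orders"}

# Schema-changing actions reserved for the DBA role.
DDL_ACTIONS = {
    sqlite3.SQLITE_CREATE_TABLE, sqlite3.SQLITE_CREATE_INDEX,
    sqlite3.SQLITE_CREATE_VIEW, sqlite3.SQLITE_CREATE_TRIGGER,
    sqlite3.SQLITE_DROP_TABLE, sqlite3.SQLITE_DROP_INDEX,
    sqlite3.SQLITE_DROP_VIEW, sqlite3.SQLITE_DROP_TRIGGER,
    sqlite3.SQLITE_ALTER_TABLE, sqlite3.SQLITE_ATTACH,
    sqlite3.SQLITE_DETACH, sqlite3.SQLITE_PRAGMA,
}

# Row-level actions the application user may perform, but only on APP_TABLES.
CRUD_ACTIONS = {
    sqlite3.SQLITE_READ, sqlite3.SQLITE_INSERT,
    sqlite3.SQLITE_UPDATE, sqlite3.SQLITE_DELETE,
}


def app_user_authorizer(action, arg1, arg2, db_name, trigger):
    """Emulate the GRANT profile of a nonadmin application user."""
    if action in DDL_ACTIONS:
        return sqlite3.SQLITE_DENY
    if action in CRUD_ACTIONS:
        # For READ/INSERT/UPDATE/DELETE, arg1 is the table name. DDL also shows
        # up here as INSERT/DELETE on sqlite_master, which is denied the same way.
        return sqlite3.SQLITE_OK if arg1 in APP_TABLES else sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK  # SELECT, TRANSACTION, FUNCTION and similar plumbing


def setup_as_dba(conn):
    """Object creation happens in the DBA role, before the app-user hook is installed."""
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, total REAL);
        CREATE TABLE admin_audit (id INTEGER PRIMARY KEY, note TEXT);
        INSERT INTO admin_audit (note) VALUES ('dba only');
    """)


def run_as_app_user(conn, sql, params=()):
    """Return 'ok' or 'denied' so the effect of each statement is observable."""
    try:
        conn.execute(sql, params)
        return "ok"
    except sqlite3.DatabaseError as exc:
        # SQLite reports an authorizer refusal as "not authorized" or
        # "access to <table>.<column> is prohibited".
        if "not authorized" in str(exc) or "prohibited" in str(exc):
            return "denied"
        raise


def demo():
    """Exercise the profile and return what each statement was allowed to do."""
    conn = sqlite3.connect(":memory:")
    setup_as_dba(conn)
    conn.set_authorizer(app_user_authorizer)  # from here on: application user
    return {
        "crud_insert": run_as_app_user(conn, "INSERT INTO customers (name) VALUES (?)", ("alice",)),
        "crud_update": run_as_app_user(conn, "UPDATE customers SET name = ? WHERE id = 1", ("bob",)),
        "crud_delete": run_as_app_user(conn, "DELETE FROM orders WHERE id = 1"),
        "other_schema": run_as_app_user(conn, "SELECT note FROM admin_audit"),
        "ddl_create": run_as_app_user(conn, "CREATE TABLE scratch (x INTEGER)"),
        "ddl_drop": run_as_app_user(conn, "DROP TABLE orders"),
    }


if __name__ == "__main__":
    for statement, outcome in demo().items():
        print(f"{statement:13s} {outcome}")
```

The useful property to check in a real deployment is the same one the script asserts: with the application's credentials, DDL and reads of nonapplication objects must fail, while CRUD on the application schema succeeds. Running such a check against a freshly provisioned database user catches over-privileged accounts before they reach production.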
Building Digital Experience Platforms