First init.

2. Areas/Policies/Incident Response/Incident Response.base

@@ -0,0 +1,7 @@
+views:
+  - type: table
+    name: Table
+    filters:
+      and:
+        - file.inFolder("2. Reference/Policies/Incident Response")
+        - file.tags.contains("policy")

2. Areas/Policies/Incident Response/Response to Ransomware Attack.md

@@ -0,0 +1,17 @@
+---
+tags:
+  - policy
+---
+1. Tell users to notify IT immediately if S1 notifies of detected malware.
+
+2. Disconnect the infected PC from the network immediately and run a full scan. If you don’t know whose is infected, proceed to #3.
+
+3. Look in the root of all network shares for the most recently modified files. There should be a file called PLEASE_READ.txt or something similar. The owner of that/those files is the infected PC.
+
+4. In vSpere web client, edit settings of API-DC11. Find ‘Network adapter 1’ uncheck Connected and click OK. This is the equivalent of pulling the plug to that server’s network connection. This can be done for other vms as well.
+
+5. If it seems appropriate shut down api-nas01 and api-nas02.
+
+6. Go to the S1 console and run a full computer scan on all computers to verify nobody else is infected.
+
+7. Assess the damage and restore encrypted files.

2. Areas/Policies/Onboarding & Offboarding/Key Fob Request Workflow.md

@@ -0,0 +1,13 @@
+---
+tags:
+  - policy
+---
+1.  Manager requests fob
+   
+2. Fob is issued and employee signs acceptance form
+   
+3. The fob is recorded in ‘Fob Access.xlsx’ in ITBCP\Access Control folder
+   
+4. Form is given to HR for placement in employee’s HR folder. 
+	1. This is how HR knows to collect the fob at termination.
+	2. If there is a change regarding the fob, we let HR know

2. Areas/Policies/Onboarding & Offboarding/Onboarding & Offboarding.base

@@ -0,0 +1,7 @@
+views:
+  - type: table
+    name: Table
+    filters:
+      and:
+        - file.inFolder("2. Reference/Policies/Onboarding & Offboarding")
+        - file.tags.contains("policy")