When a breach of your IT systems occurs, incident response must be fast, thorough and decisive. Immediate action is required on several fronts. Cyber threats and attacks may result in a loss of company data, brand or reputation damage, loss of intellectual property and trade secrets, denial of service to external clients, direct financial loss or penalties relating to non-compliance with regulatory privacy legislation.
The nature of the breach must be established and the losses and damage understood. Further attacks must be prevented by urgent action, while a longer-term solution is found. Effective cyber incident response requires flexibility and the ability to make proactive decisions, often with limited intelligence. Organizations affected by breaches need to manage their response, investigate and understand the root causes behind an incidents and put remediation plans in place.
The incident response lifecycle begins before an incident even occurs. Vigilant organizations can develop a proactive and responsive set of capabilities that allow them to rapidly adapt and respond to cyber incidents—and to continue operations with limited impact to the business.
We help you develop comprehensive incident response plans, implement and test these plans, and respond to incidents.
Planning and Preparation
Policy review and development. Ongoing monitoring for breaches. Installation and monitoring of forensic appliances for remote forensics. Incident response and information security training.
Emergency Incident Response
Incident containment and investigation support. Log, host and network-based forensics. Reverse engineering and analysis of malware. Status reporting and/or presentations associated with findings.
Incident Response Planning
Program review, design and development. Incident response and network monitoring training. On-demand IR staff during implementation.
Impact and damage assessment. Data breach remediation, repair and notification. Disaster recovery and business continuity planning.