Incidents resulting from natural or man-made events, human error, rogue employees, network hacks, unauthorized access, network, system or application outages, or data loss can happen at any time, even with the best planning, infrastructure, and security controls. So you need to be prepared to respond. Our Incident Response Team can be engaged quickly to assess the scope of the incident and determine an appropriate action plan, including internal and external communications as may be appropriate or legally required. After ensuring the safety of all organization personnel, reviewing your incident response plan (if one exists), and contacting your legal counsel and insurance provider(s) to assess obligations and coverages, you can engage our team. We follow the Diamond Model of Intrusion Analysis, which involves identifying the four components of a breach: the victim, the capability, the infrastructure, and the adversary. This approach allows us to quickly identify and determine:

  • Priority stop-gap measures that must be taken, e.g., network, systems, applications or infrastructure shutdown, failover to secondary data center(s), verification of data integrity, etc.
  • The scope of the incident’s impact and the pertinent facts – who, what, when, where, how and why, etc.
  • The employees, customers, vendors, partners and, if necessary, the public at large to contact, along with the method(s) and content of communications.
  • The need for hourly, daily, and weekly review meetings, as the situation necessitates.

Once the preceding preliminary assessment is done, we document the particulars regarding the incident and the initial response actions, e.g., what was done by whom, with a timeline.

Once we have determined how the incident occurred, we assess changes to policies, procedures, controls, and the incident response plan, making recommendations for improvement with an eye toward preventing the incident from recurring.

Following a final debrief with the leadership team, our Secure Operations Center (SOC) team is available to assist with instituting necessary changes, including monitoring and management of various IT security components.