Our Incident Response Program

We have a straightforward, three-part approach to cyber security:

During or immediately after the organization's mediation process, it should build the Incident Response Plan (IRP).

NOTE: The time to start thinking about your IRP is NOT AFTER you have had a breach or cyber security incident. AFTER the incident, there will be no time. Let us help you prepare for this now.

Depending on the size of your organization and the complexity of the information systems which drive your organization, not all components of the IRP described below may apply to you. This will only be revealed after a correct assessment of your situation has been accomplished.

Like other aspects of cyber security, a serious and correct approach will include the full cooperation and participation of everyone in the organization...from the Board of Directors to front-line staff members. Not building a solid plan or handling an incident correctly could result in legal liabilities, lawsuits, loss of cyber insurance coverage, and other negative blow-back.

Types of security incidents you are preparing for include:

  1. Network intrusions
  2. Denial of service
  3. Account takeovers
  4. Malware
  5. Phishing attacks
  6. Loss of data (employee, customer, IP, etc.)
  7. Security vulnerabilities detected by third parties
  8. Theft of assets

A correctly constructed IRP will consist of the following components:

  • Plan Development
  • Identification and Training of the Incident Response Team
  • Identification, Vetting, and Engagement of Independent Support Resources
  • Tools and Training
  • Assessment, Containment, and Eradication Procedures
  • External and Internal Incident Communication Procedures
  • Law Enforcement Engagement Procedures
  • Recovery and Continuity Procedures

Doing all this on your own without the assistance of experienced experts would be a mistake and a waste of your money and time. There is no reason to re-invent the wheel. We can help you get this challenging component of cyber security accomplished in the most efficient manner possible.

More detailed information about the plan components:

  • Plan Development. Establish the plan goals and perform the Incident Response Readiness Assessment to ascertain what has and has not been done and what needs to be done to properly prepare the organization to deal with a breach or incident.

  • Identification and Training of the Incident Response Team. A core IR team needs to be identifed, built, and trained. These will be the leaders who everyone will look to during an incident. This group really needs to have their act together and it will require the participation of folks from all your departments and organizational levels. It also requires the identification of various outside 3rd parties, such as law enforcement, legal, cloud service providers, who have to be factored into an actual incident. Once you have identified all the players, then everyone needs some level of training to make sure they know what to do. Again, it will be too late to do this when an incident occurs.

  • Identification, Vetting, and Engagement of Independent Support Resources. After you have identified 3rd party support resources, they have to be vetted and pre-engagment contracts must be signed. When an incident occurs, it is all about doing things fast and doing them right. The company's survival may depend on it.

  • Tools and Training. Certain automated and other tools can be used to help the IR team train and organize the rest of the organization according to the plan requirements.

  • Assessment, Containment, and Eradication Procedures. The IT and forensics teams must understand their processes and procedures and how they will coordinate their activities with the rest of the organization's activities during an actual incident.

  • External and Internal Incident Communication Procedures. An incident requires very carefully orchestrated communications with many different audiences--both external and internal. Everything about a breach or incident is very sensitive and once something is said, it's hard to get it back. A correctly constructed communications plan will save the day.

  • Law Enforcement Engagement Procedures. For containment, legal, liability, insurance, and other reasons, law enforcement agencies are notified and engaged. How your organization interacts with law enforcement is not something you will get the luxury to make up on the fly.

  • Recovery and Continuity Procedures. The goal is to get the incident behind you while keeping the business intact. No matter how well the team performed, there will be lessons learned and changes to be made to the IRP. If there is a next time you want it to cost you less in time and money, and the planning for that starts now. 

Clearly, what you have just read is the tip of the iceberg. That's the bad news. The good news is that we can help you get this done quickly and efficiently. Please contact us for more information: 303-997-5506