Incident Response Planning (IRP) has proven to be a critical element of an effective cybersecurity strategy for organizations in today’s complex landscape of cybercrime, security breaches and data theft, as it helps organizations minimize the impact of incidents and strengthen defenses against future incidents.
Incident Response Planning (IRP) has proven to be an effective strategy for organizations to:
- handle cybersecurity incidents.
- minimize their impact if they occur.
- strengthen their defenses against future incidents.
The incident response process includes the following phases:
1 – Preparation
The preparation phase is about ensuring you have the appropriate response plans, policies, call trees and other documents in place and that you have identified the members of your incident response team, including external entities.
2 – Identification
In the identification phase you need to work out whether you are dealing with an event or an incident. This is where understanding your environment is critical, as it means looking for significant deviations from “normal” traffic baselines or using other methods.
3 – Containment
In the containment stage you will want to work with the business to limit the damage caused to systems and prevent any further damage from occurring. This includes short- and long-term containment activities.
4 – Eradication
During the fourth stage the emphasis is on ensuring you have a clean system ready to restore. This may be a complete reimage of a system, or a restore from a known good backup.
5 – Recovery
At this point, it’s time to determine when to bring the system back into production and how long to monitor the system for any signs of abnormal activity.
6 – Lessons Learned
This final stage is often skipped as the business moves back into normal operations, but it’s critical to look back and heed the lessons learned. These lessons will allow you to incorporate additional activities and knowledge back into your incident response process to produce better future outcomes and additional defenses.
In summary, we believe that Secure Networks Consultants will provide an excellent fit to your stated requirements for:
- Developing an incident response program.
- Developing incident response policies, processes, and procedures.
- Incident response readiness assessment.
- Incident response tabletop exercise.
- Incident response and investigation.