Incident Response

Identification, containment, eradication, and recovery of security incidents in computer networks.

When a security incident occurs, effective and efficient incident response is required. Security incidents can take many different forms and be anything from an active threat, an attempted intrusion, a successful compromise of the security perimeter, or even a data breach.

Improsec offers deployment of an internationally accredited Computer Security Incident Response Team (CSIRT) to assess the scope of the incident and the potential damages caused, and to work with the impacted business to develop a mitigation plan until the incident is resolved.

The incident response team works through a controlled and highly documented process to contain, eradicate, and recover from the incident - and to answer important questions like ”how it happened” and ”how to avoid similar incidents in the future”.

Our team of incident responders have broad experience in responding and handling incidents of all sizes, ranging from simple security breaches to advanced and complex cyber-attacks.

Value

  • Precise and accurate identification of damages and events leading to the security incident

  • Understand the true impact and severity of a security incident to enable the appropriate level of response

  • Enable fast and effective mitigation without compromising or destroying relevant artifacts needed for the investigation

  • Identify impact caused by malicious attackers, compromised insiders, or even insiders unknowingly participating in the security incident

  • Controlled containment, eradication, and recovery from the security incident

  • Advise on how to avoid re-occurring security incidents

  • Supports the Data Protection Officer (DPO) in delivering timely and accurate information to DPA (National Data Protection Authority) in case of a data breach of personal data

  • Skilled advice to C-level crises management and in the dialogue with authorities e.g. police

Method

The incident response process is delivered in different stages – inspired by the ISO/IEC Standard 27035 supported by various industry best practice:

  • Plan and prepare for handling security incidents

  • Identify detection mechanisms and assess detection capabilities

  • Triage security events and decide on incident handling response

  • Deploy the CSIRT team to analyze, investigate, contain, and recover from the incident

  • Assess learning and update risks based on the incident and implement systematic improvements to the security management process

Product

The deliverables of the incident response team will vary depending on the nature of the incident. The typical deliverables during an incident are:

  • Frequent management and/or board information updates for executive overview and informed decision enabling

  • Frequent technical feedback on results and conclusions during the response phase

  • A post-incident report in detail describing the actions performed by the CSIRT team and the results achieved

  • Recommendations and next steps (if applicable)