Cyber Security Incident Response

Effective incident containment is crucial when you’re defending against cyber threats that can damage your company’s reputation.

How effectively can you respond to an incident?

Nobody wants it to happen to them, but organizations must face the troubling inevitability that successful cyberattacks will occur, and develop an effective Cyber Incident Response Plan to mitigate the impact.

The 6 steps of cyber security incident response

1. Preparation

 Are suitable defenses in place, including tools, teams and training for incidents before they happen?

2. Detection & Analysis

 Are incidents being identified thoroughly? Going through the IR process only to find a false alarm is no fun.

3. Containment

 Incidents need to be contained immediately to prevent or reduce possible collateral damage.

4. Eradication

 Get rid of the malicious code, unauthorized account, or disgruntled employee that caused the incident.

5. Recovery

 Ensure systems meet company standards or baselines before returning them to service, and continue to monitor them for any abnormal behaviour to ensure that the incident has been fully resolved.

6. Post-Incident Activity/Lessons learned

 Reports should detail what happened, why it happened, what could have prevented it, and what you’ll be doing to prevent it from happening again. Buy-in must be obtained for the changes needed to prevent similar incidents in the future.

How can we help you?

WebSec Services helps our clients to be well prepared for a security incident by:
  • Developing a Cyber Security Playbook, a step-by-step guide to the key actions to be taken in the wake of an incident.
  • Working with our clients to create incident response procedures and processes that protect the confidentiality, integrity, and availability (CIA) of their critical data and computing resources.