Incident Management
Incident Management is the combination of facilities, equipment, personnel, procedures, and communications operating within an organisation, designed to ensure an efficient and predictable response to damaging events and computer intrusions.
The key value of effective Incident Management is to minimise the impact of a potential incident through early detection and containment of an attack, achieving the best possible outcome, preventing a potential outage and ensuring business continuity.
Minimising business impact in the event of an intrusion significantly reduces the cost of recovery time as well as potential financial and reputational damage.
An effective monitoring plan helps to enhance other areas in the organisation, such as security accountability, troubleshooting, etc.
Incident response helps to improve the security posture of the organisation by providing valuable feedback about potential weaknesses.
Drastically increases the level of confidence in the organisation’s infrastructure integrity.
Provides an opportunity to recoup the cost of the incident should the evidence be presented as part of a court case.
Find out if your most critical business assets are at risk
Detection and Handling Framework
In the current climate of ransomware, cyber espionage and state-sponsored attacks, even the most well-equipped of companies could eventually be compromised. Regardless of whether the organisation is a startup or a Fortune 100 company, incidents can happen at a moment’s notice. It is generally a question of when rather than if.
An incident will only be responded to if it has been detected in the first place. This planning phase analyses the organisation’s infrastructure and implements a robust framework for monitoring and intrusion detection.
Additionally, a process is designed to ensure an efficient and coordinated response when an incident happens.
When the inevitable happens, it is important that the organisation has a robust process in place to answer the important questions: who, what, why, when and how.
The main goal of the SECFORCE CSIRT team is to answer these questions through any means possible whilst identifying and containing the attack, minimising any additional risk to the organisation.
The team will then identify the root cause of the intrusion, eradicating the security issue and performing all the necessary actions to facilitate a speedy recovery.
If necessary, information will be shared with the security team, to ensure that the necessary actions are taken to implement appropriate security controls around the specific issue.