Incident Response and Management

        Can your employees recognize an attack being made against your network data?

        Are they prepared and equipped to effectively respond to an attack?

        How do you effectively close a security incident and return to normal business operations?

All data networks come under attack by motivated hackers or disgruntled insiders; it is inevitable that, sooner or later, a security incident will occur. It is even possible that a breach, releasing confidential data to unauthorized persons, will result. Traditionally, organizations have responded to these incidents when they occur. Unfortunately, a reactive incident response is frequently poorly planned and executed, and may even exacerbate the effects of the original incident.

The goal of Incident Response is to stop security breaches before they happen, or to effectively respond while they are happening. A rapid response protects your information assets and resources, and allows you to comply with regulatory requirements, avoid legal liability, prevent relay attacks against other organizations, and minimize the potential for negative exposure to vendors, partners, and customers.

Digital Defence has developed the Agile Incident Management, or AIM™, program to increase the effectiveness of the incident response processes. AIM is the totality of proactive and reactive measures undertaken to help prevent and manage data security incidents across an organization.

Digital Defence has also pioneered the retained Incident Management, or rIM, service, which brings our incident response and management expertise to small- and medium-sized companies at a reduced cost and with a rapid implementation to enhance your security as quickly as possible.


Computer Security Incident Response Team, ddCSIRT

For most organizations, it is often extremely difficult to bring together a team of internal resources who have the collective expertise required to professionally handle a computer incident. Inexperienced responders can delay resolution of the incident and may miss or damage important evidence needed to support litigation; a mishandled incident response can result in a direct financial cost as well as damage to your reputation.

Digital Defence’s computer security incident response team, ddCSIRT, is a “jump team” of certified incident response professionals who are available 24×7 to assist you in responding to an attack. We can be at your site in as little as 4 hours, and can fully manage your incident response from start to finish. A rapid response, coupled with appropriate procedures, is critical to the success of controlling a security incident and preventing future occurrences. When our skilled experts are deployed to your site, we will:
  • Review the incident
     
  • Isolate the probable cause using a structured root-cause analysis
     
  • Contain the situation
     
  • Preserve all evidentiary materials
     
  • Eliminate the probable cause
     
  • Assist in recovery to a fully operational status
     
  • Identify any post-recovery issues

 

Service Description

Digital Defence can also augment your own team’s response by providing specialized services:
  • Develop an incident management strategy, policies, standard operating procedures, and escalation criteria and procedures
     
  • Align your incident management strategy with any required governance frameworks, such as ISO 27001:2005, PCI DSS, or government mandates
     
  • Provide 24×7 hotline support services
     
  • Assist you in selecting and training your own in-house CERT team
     
  • Provide a trusted team of external experts to aid in your incident response (legal counsel, private investigation services, public relations, etc.)
     
  • Act as a trusted referral agency in contacting third parties (ISPs, hosting companies, etc.)
     
  • Provide liaison support in dealing with law enforcement
     
  • Provide vendor-neutral guidance in selecting and implementing technical solutions
     
  • Create realistic training scenarios to prepare your staff to effectively respond to security incidents