Incident Response
What is Incident Response?
In the Cyber Security world, Incident Response (IR), or Incident Management (IM), refers to the activities performed when analysing and responding to potential or real attacks, or unexpected occurrences, on your information systems.
IR/IM are the actions, processes and procedures carried out upon detection of security events on a computer or computer network to maintain the integrity of the data in storage or in transit. Any IR/IM activation is often followed by a post-incident analysis to determine the what, how, why, where and who, to learn from the incident, and to establish how it can be prevented in the future.
The Challenge
Should an incident occur within your organisation, speed in response is essential to minimise impact and cost, maximise response and contain the situation. Any actions taken as a result of an incident need to be assessed in terms of their impact on the continued functioning of business-critical operations.
IR/IM will involve not only the IT Department but also other business units such as Communications/PR, Legal and Customer Service, which will need to respond in a coordinated manner.
Distinguishing a serious incident from “business as usual”, and then reporting and escalating it, is essential if an effective, targeted and timely response is to be achieved.
The Solution
Establishing an effective Incident Response / Incident Management capability is an essential part of an overall Cyber Security strategy. Any response capability will require the identification of the critical business assets of the organisation.
Any incident must be classified in order for it to be adequately dealt with. For this, events are divided into three basic types:
- Normal - An event that does not affect critical infrastructure or does not require any changes prior to resolution of the event. Senior personnel are not usually involved.
- Escalation - Events that affect critical systems or require resolutions that need to follow a change control process. Senior personnel and stakeholders are informed of escalation events.
- Emergency - Any event which could:
  - Impact health and safety
  - Breach primary system controls
  - Be deemed an emergency as a matter of policy or by declaration of the incident coordinator.
At IAS, we offer to guide and help you implement your Incident Response Team using various tools and techniques that accord with the set process. The most important part of this process is Triage. A thorough understanding of the nature of threats facing organisations today allows for quick prioritisation of incidents.
We work with you to develop effective IR/IM capabilities to respond to escalating incidents. Often departments must work together to combat an incident in order to protect sensitive information and supporting infrastructure. Our support will help you to do just that!