Incident Handling and Response:
Incident handling process (Source: NIST Guidelines)
Cybersecurity-related attacks have become not only more numerous and diverse but also more damaging and disruptive. New types of security-related incidents emerge frequently. Preventive activities based on the results of risk assessments can lower the number of incidents, but not all incidents can be prevented.
An incident response capability is therefore necessary for rapidly detecting incidents, minimizing loss and destruction, mitigating the weaknesses that were exploited, and restoring IT services.
Because performing incident response effectively is a complex undertaking, establishing a successful incident response capability requires substantial planning and resources. Establishing clear procedures for prioritizing the handling of incidents is critical, as is implementing effective methods of collecting, analyzing, and reporting data.
Contego Solutions helps its clients to establish their own incident handling and response capabilities covering all the process stages:
- Identifying the requirements and the project scope
- Technical and business requirement assessment
- Current IT infrastructure assessment
- Current IT infrastructure configurations assessment
- Planning for the establishment of the incident handling and response system
- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Selecting a team structure and staffing model
- Establishing relationships and lines of communication between the incident response team and other groups, both internal and external.
- Determining what services the incident response team should provide
- Designing the technical implementation and the integration with IT security infrastructure
- Develop scoped systems baselines
- Designing the logical and physical placement of the solution
- Designing the integration methodologies with the current IT and IT security infrastructure.
- Planning for the required configurations and changes
- Planning for deployment stages and testing/approval criteria
- Deploying the solution component and apply best practice configuration
- Solutions deployment and configurations with staging and milestones testing
- Applying best practice configurations and solution setting fine tuning
- Test systems performance against baseline performance
- Providing solutions knowledge transfer training
- Provide installation, configuration and troubleshoot training.
- Shadow client solution’s operations.
- Providing solutions professional training road map
- Develop professional training road map based on client actual needs.
Please feel free to contact us to schedule meeting with you and evaluate your requirements.