Incident Response & Remediation

Cyber incident response is the process of responding to, managing and mitigating cyber security incidents. Its goal is to limit the damage and disruption caused by cyber-attacks and, where necessary, to restore operations as quickly as possible. When an organization is impacted by a cyber security breach, a clear perspective is required to take control of the situation and respond effectively to protect assets, operations and reputation. Timely incident response support helps companies to quickly contain the compromise and smoothly achieve recovery, leaving them in the strongest position possible, with minimal business disruption and their reputation intact.

How should you respond to a security incident?

Fast & Decisive Action

It is important to take fast, decisive action when a security incident occurs. Effective incident response requires a clear plan which outlines the actions key stakeholders should take in a variety of scenarios. Organizations should then follow a clear and structured sequence of steps to ensure that every aspect of managing and mitigating the incident is covered. This will include actions such as containment, threat removal and mitigation and recovery, identification of improvements and further testing. The response should also include informing the relevant authorities, depending on the nature of the incident.

What are key cyber incident response steps?

Effective incident response should include six key steps:
 
  1. Preparing systems and procedures, including the development of an incident response plan.
  2. The identification of incidents and the gathering of evidence.
  3. Containment of attackers to limit any additional damage from the incident, which includes short-term containment, system back-up to preserve evidence, and long-term containment.
  4. The eradication of attackers and re-entry options.
  5. Recovery from incidents, including the restoration of systems.
  6. Lessons learned and the application of feedback to the next round of preparation.