A timely response to a security incident is necessary to contain the damage, as the loss of sensitive data or damage to reputation can threaten the company's existence. The graphic shows our Security Incident Response process, which is also described below.
We offer remote and on-site support in investigating security incidents to reduce their impact on your business. We can also provide advice and assistance in closing the security gap.
The team must be informed about possible incidents in existing processes. Furthermore, the prevention procedures to be followed in the event of damage must be known to all stakeholders.
Thorough analysis of the security incident and classification of the threat. Determine whether there is a security incident or a false report.
Define a short- and long-term strategy for mitigating the incident to prevent further escalation. Take all steps to mitigate damage and isolate existing systems if necessary.
Clean up attacker artifacts on the compromised system. Remove all affected systems from the production system.
Safely return the affected system to normal after ensuring that no further threats exist.
Document the chain of events in an extensive investigation. Add learning points and improvements to existing security governance to improve future responses.