IT security incidents can never be completely ruled out. It is therefore important to create an incident response plan that describes how the responsible persons must respond to possible cybercrime incidents. A timely response to the incident is necessary to contain the damage, as the loss of sensitive data or damage to reputation can threaten your very existence. The chart shows our Security Incident Response process, which is also described below.
The team must be informed about possible incidents in existing processes. In addition, the prevention procedures to be followed in the event of damage must be known to all stakeholders.
Thorough analysis of the security incident and classification of the threat. Determine whether there is a security incident or a false report.
Define a short-term and a long-term strategy for mitigating the incident, to prevent further escalation. Take all steps for damage limitation and, if necessary, isolate existing systems.
Clean up attacker artifacts on the compromised system. All affected systems must be removed from the production system.
The affected system is safely returned to its normal state after ensuring that there are no further threats.
Document the chain of events as an investigation. Record learning points and add improvements to the existing security governance, so that future reactions will be improved.
We offer remote and on-site support in investigating security incidents to reduce their impact on your business. We can also advise on closing the security gap or close it for you.