Incident Response - Incident investigation and elimination of safety incidents

We work with you to develop an action plan for an appropriate and structured response to security incidents.

Incident Response Management cycle

IT security incidents can never be completely ruled out. Therefore, it is important to create an incident response plan by describing how responsible persons must respond to possible cybercrime incidents. A timely response to the incident is necessary to contain the damage, as the loss of sensitive data or damage to reputation can threaten your very existence. The chart shows our Security Incident Response process, which is also described in the following.

The cycle of the incident investigation:


Preparation:

The team must be informed about possible incidents in existing processes. In addition, the prevention procedures to be followed in the event of damage shall be be known to all stakeholders.

Identification

Thorough analysis of the security incident and classification of the threat. Determine whether there is a security incident or a false report.

Containment

Define short-term and long-term strategy for mitigating the incident, to prevent further escalation. All steps for damage limitation and, if necessary, isolate existing systems.

Eradication

Clean up attacker artifacts on the compromised system. All affected Systems must be removed from the production system.

Remediation

The affected system is safely returned to its normal state. after ensuring that there are no further threats.

Insights gained

Document the chain of events as an investigation. Learning points and Add improvements to the existing security governance, thus future reactions will be improved.

Your advantages through us

We offer remote and on-site support in investigating security incidents to reduce their impact on your business. We can also advise or execute on closing the security gap.