Our information security experts start by analyzing the incident and evaluating your organization’s information security posture for vulnerabilities that may have been exploited. As major vulnerabilities are discovered, we work with you to address them. In order to minimize changes to critical systems, minor vulnerabilities are documented for future remediation. While stabilizing systems, our consultants will take the necessary steps to preserve any electronic evidence that may exist. The overall goal of incident stabilization is to minimize system downtime, minimize alteration to electronic evidence and prevent the disclosure of sensitive information.
Computer Evidence Discovery
Wherever possible, electronic evidence is preserved throughout the incident stabilization process. Since this evidence may be required in a court of law, it is collected according to Department of Justice guidelines. It is important that electronic evidence not be unnecessarily altered and that the state in which it was found be properly documented. Once evidence is properly collected, the computer forensic investigation process can begin. See InfoDefense computer forensic services for more information.
Root Cause Analysis
Once systems are stabilized and all relevant evidence is collected, our consultants perform an in-depth analysis of information assets as well as threats and vulnerabilities that may have led to the incident. The goal is to identify and mitigate security weaknesses that may lead to future incidents and to initiate remediation processes to prevent these from occurring.