Cyber Incident Response

Incident Stabilization

Our information security experts start by analyzing the incident and evaluating your organization’s information security posture for vulnerabilities that may have been exploited. As major vulnerabilities are discovered, we work with you to address them. To minimize changes to critical systems, minor vulnerabilities are documented for future remediation. While stabilizing systems, our consultants take the necessary steps to preserve any electronic evidence that may exist. The overall goal of incident stabilization is to minimize system downtime, minimize alteration of electronic evidence, and prevent the disclosure of sensitive information.

Evidence Protection

It is important that electronic evidence not be unnecessarily altered and that the state in which it was found be properly documented. Wherever possible, electronic evidence is preserved throughout the incident stabilization process. Since this evidence may be required in a court of law, it is protected according to Department of Justice guidelines for later forensic collection. See InfoDefense computer forensic services for more information.

Root Cause Analysis

Once systems are stabilized and relevant evidence is protected to ensure court admissibility, our consultants perform an in-depth analysis to identify threats and vulnerabilities that may have led to the incident. The goal is to identify and mitigate security weaknesses that could lead to future incidents, and to initiate remediation efforts to prevent them.