Incident Response Support
Organisations rarely have an adequate incident response plan in place to prepare for any unprecedented system and network compromise. A lack of proper incident response could cost an organisation huge financial and reputational loss. ProCheckUp can provide both proactive and reactive incident response services to support an organisation before, during and after a computer security incident in order to contain and minimise any possible damage caused.
During an incident, ProCheckUp will provide assistance with a consultative support team coordinated via phone, e-mail, in-person which will all be supported by documentation. This helps organisations identify a suspected incident, ensure proper containment of the incident, safe eradication of any malicious software, and prompt recovery of both systems and data to bring the business back up and running.
This can involve technical assistance in the interpretation of any data collected, providing helpful contact information, or relaying guidance on mitigation options and recovery strategies. Depending on the incident, ProCheckUp may also include investigation and forensic analysis as part of the incident response.
ProCheckUp can help organisations prepare themselves better in anticipation of an attack by providing assistance and guidance in the following areas:
- - Creation of a robust business continuity and disaster recovery plan
- - Recommendations on detection and preventative controls
- - Identification of critical IT assets and business data
- - Conducting risk analysis
- - Security-related information dissemination
- - Education and training to raise awareness
Network & Host Monitoring Design
Efficient system monitoring, design, and implementation is imperative to ensure that all activities on the network are securely logged for analysis in case of any potential system compromise. Without robust monitoring and data collection, it will be difficult for investigations of an incident to be carried out. Attempting to gather detailed information from affected systems after an incident has occurred wastes precious time and resources that should be spent responding to, and recovering from, the effects of an incident.
ProCheckUp will analyse your network diagram and help determine the best implementation for system monitoring across the network. This would typically involve providing assistance and guidance around the following areas:
- - Placement of sensors around network boundaries and critical hosts
- - Choosing the right data type to capture - full packet, packet string, or session data
- - Placement of network and host intrusion detection systems
- - Configuration of operating system, web server and database server logs
- - Log retention and backup
Once the network and host monitoring implementations have been put into place, ProCheckUp can help test them to ensure that they successfully capture network activities as intended.
ProCheckUp Engagement lifecycle
Procheckup utilises a standard engagement model for all engagements which is defined below: -
Offering - Activities that take place before the execution of a consultancy assignment:
- Pre-sales and identification of client needs;
- Creation of an agreement, typically covering: - Context of the work - Services and deliverables - Approach and work plan - Roles and responsibilities.
Execution - Delivery of the services agreed at the offering stage to satisfy the client:
- Refining the work plan;
- Implementing the agreed work plan;
- Assignment of staff, management and mentoring;
- Approval and acceptance.
Closure - Activities that take place at the end of a consultancy assignment:
- Final client evaluation and agreement that the service has been delivered;
- Conclusion of obligations;
- Finalising payment;
- Any subsequent improvements to the service.
Please contact us for more information on how ProCheckUp Incident Response Services can help you.