Preparation is the most important stage of the incident response process, and is also the most commonly overlooked. Establishing and testing incident response processes before an incident happens significantly increases the likelihood of an organisation being able to respond in a timely and effective manner. Having these processes in place can also demonstrate that the organisation is taking a proactive approach towards security, and is required by a number of standards such as PCI DSS and ISO 27001.
The team can provide guidance and assistance at all stages of this process, including:
- Working with staff to develop incident response policies aligned to various standards and frameworks, as well as technical incident response plans.
- Carrying out gap audits of existing incident response processes, including reviews of both the policies and previous security incidents.
- Carrying out table-top exercises in order to identify weaknesses in existing response processes.
- Carrying out more in-depth attack simulations, such as developing simulated malware samples to test detection and monitoring systems.
- Working with organisations after a security incident to provide guidance during the lessons-learned phase, and recommendations for improvements that could be made to reduce the likelihood and impact of any future incidents.