Security Crisis and Incident Response

Security Crisis and Incident Response comprises a comprehensive review of 3 core components. The objective is to determine the adequacy of the defined crisis and incident response techniques. These 3 core components are as follows:

  • Application Security: under this core component, applications are examined and existing processes are reviewed to formalize administration and crisis response mechanisms.
  • Network Security: network infrastructure and configuration management techniques are reviewed for integrity. An incident handling and response mechanism is defined for the core infrastructure.
  • User Level Security: existing policies and recent incidents are reviewed along with current best practices to define an appropriate user level security framework.

Security Crisis and Incident Response includes the following 3 activities:

  • Incident Monitoring and Handling: this includes the following:
    • Investigation Management: Defining the management model for security investigations
    • Emergency Responses: Defining the response during various types of emergencies
    • Root Cause Analysis: Identification of the root cause of an incident
  • Emergency Response Planning: this encompasses the following:
    • Response Team Coordination: Defining the coordination mechanism between the team, i.e. escalation lists and responsibilities
    • Policy and Procedure Development: Development of suitable policies and procedures
    • Response Plan Testing: Testing the response plan for practicality and effectiveness
  • Electronic Discovery: this includes the following:
    • Forensic Analysis: Define an outline to conduct forensic analysis
    • Evidence Handling: Define a method to handle evidence
    • Litigation Support: Preparation of evidence for litigation purposes, such as disciplinary action
  • 24x7 security-monitoring tasks executed at Cyber Intelligence Center
  • Continuous operational process enhancement
  • Well-defined crisis and incident response policies and procedures
  • SLA-based tracking


