Protecting your organization requires a determined effort to constantly learn and harden your network against malicious actors.
Incident response is an organized approach to addressing and managing the aftermath of a security breach or cyberattack, also known as an IT incident, computer incident or security incident. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs.
As cyberattacks increase in scale and frequency, incident response plans become more vital to a company’s cyber defenses. Poor incident response can alienate customers and trigger greater government regulation. Effective incident response is critical, regardless of your industry.
ResoluteGuard Incident Response Plan
1. Preparation
Developing policies and procedures to follow in the event of a cyber breach. This will include determining the exact composition of the response team and the triggers to alert internal partners.
2. Identification
This is the process of detecting a breach and enabling a quick, focused response. IT security teams identify breaches using various threat intelligence streams, intrusion detection systems, and firewalls.
3. Containment
One of the first steps after identification is to contain the damage and prevent further penetration. This can be accomplished by taking specific sub-networks offline and relying on system backups to maintain operations.
4. Eradication
This stage involves neutralizing the threat and restoring internal systems to as close to their previous state as possible. This can involve secondary monitoring to ensure that affected systems are no longer vulnerable to subsequent attacks.
5. Recovery
Our security teams need to validate that all affected systems are no longer compromised and can be returned to working condition. This also requires setting timelines to fully restore operations and continued monitoring for any abnormal network activity.
6. Lessons Learned
Lastly, the incident response team and partners meet for an after-action review to determine how to prevent future events and improve future efforts. The final analysis is condensed into a report and used for future training. ResoluteGuard works with your team to analyze previous incidents and help improve response procedures.