Incident Response

By failing to prepare, you are preparing to fail

 

 

Preventing an incident is the goal, and our Cyber Incident Response Advisory services enable you to prepare your incident response capabilities by aligning your people, processes, and technology strategies to proven methodologies. It's essential to have an Incident Response Policy and Procedure in place to deal with an incident.

We can help advise on:

  • Policy & Procedure Development – Designing, developing, and embedding bespoke incident response policies, procedures and playbooks.
  • Readiness Assessments – Reviewing your current Cyber Incident Response capabilities.

The Security Operations Centre (SOC)

01

Security Event Monitoring

Companies must ensure that security logs are captured and can be analysed to detect a cyber attack as it happens. A Security Information and Event Monitoring (SIEM) system can do this, with a Security Operations team (SOC) required to review these logs.

02

Triaging Cyber Incidents

Many companies outsource the SOC because it can save on costs and resources: dedicated, expert people are required to monitor and triage cyber incidents as they happen. This service is often a 24/7 operation.

03

In-house or Outsourced

Our consultants help provide advice on the type of SOC required. This depends a lot on the size of the organisation, its budget and the sector it operates in. It is a requirement in many industries to have this in place and to report incidents to the regulator within 24-72 hrs.

Identify, Protect, Detect, Respond, Recover

The NIST Framework has 5 core functions: identify, protect, detect, respond and recover. These aid organisations in their effort to spot, manage and counter cybersecurity events promptly. The NIST control framework adds a structure and a way of monitoring the effectiveness of cyber controls.

This video is from NIST Identify, Protect, Detect, Respond, Recover
