If you work in data security, you deal with security incidents on a day-to-day basis. Occasionally, a minor security issue turns out to be a real live panic situation. When a major Security Incident is detected, will everyone know what to do? With a proper Response Plan, each Response Team member knows their role and responsibilities, and the security incident can be contained with minimal harm or damage to the company.
What is Response Planning?
Response Planning is an Information Technology as a Service (ITaaS) security solution integrating the preparation, response, cleanup, and recovery from cyber-security incidents. SkinnyOffice can either work in conjunction with your IT resources or act as a completely autonomous Incident Response Team to help you plan for and manage security incidents, minimizing the damage, cost and time of recovery. The mission of this team is to establish, enact, and train your IT staff in an Incident Response Plan to respond to security incidents.
How We Augment Your Response Plan
Incident Response Manager
Lead of the Incident Response Team who oversees the IR plan in action.
Responsible for threat neutralization and containment of an active security incident.
Responsible for research and intelligence to add context to the security incident.
Ready to Get Started?
Contact a SkinnyOffice associate and let us know how our services can help your business.
Combining Multiple Layers of Protection
Response Planning is part of our highly flexible Managed Security Program designed to meet the security demands of small and medium businesses.
Why use Response Planning?
- Preparation – Define a corporate security policy: this typically includes acceptable use of company data, consequences for security violations, and definitions of what qualifies as a security incident. Define how the Response Team should handle a security incident, including documentation of incidents, and both internal and external communications.
- Identification – Define what criteria activate the Response Team. It could be a specific kind of issue, like “found a random USB drive on the floor”, or a Network Protection alert such as “Brute Force Attack Detected” that triggers the IR plan.
- Containment – Short-term containment is the immediate response that stops the threat from spreading and doing further damage. Back up all affected systems to save their current states for later forensics. Long-term containment includes returning all systems to production to allow for standard business operation, but without the accounts and backdoors that allowed for the intrusion.
- Eradication – Establish a process to restore all of the affected systems. This includes re-imaging all systems involved in the incident and removing any traces of the security incident. Update defense systems to prevent the same kind of security incident from occurring again.
- Recovery – Determine how to bring all systems back into full production after verifying that they are clean and free of anything that could lead to a new security incident.
- Review – Review the documentation of the incident with the Response Team for training purposes. Update the IR plan based on feedback and any identified deficiencies.
- Complete an Incident Report: Documenting the incident will help to improve the incident response plan and augment security measures to avoid such security incidents in the future.
- Monitor Post-Incident: Monitor activities post-incident to stop threat actors from reappearing.
- Update Threat Intelligence: Update the organization’s threat intelligence feeds.
- Identify preventative measures: Create new security initiatives to prevent future incidents.
- Integrates with SkinnyOffice Managed Security Platform