Incident Response

The Cyberis Incident Response Team (IRT) can be deployed to provide expert consulting and technical advice to help you manage a security incident from the initial detection to closure.

The Cyberis IRT will help you manage an entire incident, from a simple breach of policy to an estate-wide compromise, or will work to the methodology within your organisation's incident response plan, acting as a colleague within your own incident response team.

When acting in a management capacity, the Cyberis IRT work to the principles of the NIST Computer Security Incident Handling Guide (Special Publication 800-61) and the SANS Institute, adopting the standard controlled phases of:

  • Preparation
  • Identification
  • Containment
  • Eradication
  • Recovery
  • Post-Incident Review

The Cyberis IRT will prioritise efforts for containment and eradication; our vast experience of security incident handling allows us to determine the most efficient route to recovery, whilst balancing the requirements for evidence management, such as:

  • Evidence Collection
  • Chain of Custody
  • Evidence Handling
  • Preservation of Evidence
  • Disposal/Destruction of Evidence

The Cyberis IRT follow the principles of the Association of Chief Police Officers (ACPO) 'Good Practice Guide for Computer-based Electronic Evidence' for all aspects of evidence management, regardless of criminal circumstances or law enforcement agency involvement.

Digital forensics investigation can also play an important role in the identification and containment phases. Cyberis' digital forensics experts can conduct a detailed assessment of any technical investigation, including malware and exploit analysis.

Cyberis can also develop an Incident Response Plan that is uniquely modelled for your organisation, considering your industry sector, the nature of your business, common and known threats, organisational structure and resources, as well as legal and regulatory requirements, all balanced against industry standards and best practice.

Key benefits

  • Complete Incident Response Management or Cyberis expert integration with your own Incident Response Plan and Team
  • Tested, methodical approach to incident and evidence management
  • On-demand digital forensics experts for detailed technical analysis to minimise recovery time
  • Incident Response Plan development tailored to your organisation and balanced against industry standards and best practice