Incident Response as Internal or External Capability
Incident Response can be conducted either as an actual security incident response or as training in the security incident response process.
The incident response process chain, sometimes referred to as Computer Security Incident Response, follows the process depicted below.

Incident Response Procedure in Detail
Seculyze has several service models, including on-call and standby services. We will follow the Security Incident Response Procedure below as if we were an internal team:

1. Prepare
A threat model and risk assessment give input to identifying sensitive assets, to security incident detection, and to contingency planning.

2. Identify
Identifying the systems that are compromised by collecting evidence and analyzing it to determine the attack pattern, techniques, and tools.

3. Contain
Monitor the adversary's behavior to determine the intent, while limiting the access and objective of the adversary.

4. Remediate/Eradicate
A remediation event generally consists of activities that deny the adversary access to the environment, degrade the adversary's ability to return, and eliminate the adversary's ability to react to the remediation event.

5. Recover
Moving back to normal operations while implementing long-term controls to improve the overall security posture and prevent similar future incidents.

6. Learn
Information is fed back into the preparation phase to be better prepared for a future security incident.

Training in Security Incident Response
Plans for 4 different types of training
A training plan will be formulated for the security team to expand their knowledge and approach based on the ever-evolving cyber threat landscape. Training will be based on the current technical level and will be performed accordingly, typically a combination of hands-on, use case-based training and training with real-life labs.
At Seculyze, we have out-of-the-box training setups for the following. They can be used as is or customized to your needs:


Security Incident
Training in Security Incident handling

Analysis and Forensics
Training in analysis and forensics, both live and scenario-based

Incident Response
Training in the incident response process

Offensive
Offensive training, both live and in scenarios based on real life
