Preemptive planning is essential when a quick, decisive response to computer security incident is desired. It is Webfargo's experience that the actions taken immediately following a security incident will often make or break an investigation.
Webfargo understands that different companies have different goals when a security incident is suspected. Webfargo will consult with the client to determine its goals in the event of different security incidents. Based on these goals, Webfargo will develop processes for each scenario. If a future incident were to occur, the client will then respond to the event as the plan specifies, thus insuring that any early recovery work by IT administrators will not jeopardize the long-term goals.
Typical Goals of an Incident Response Plan include the following, with different companies placing varying levels of importance on each piece.
- Contain the incident and eradicate its cause
- Recover and restore all possible data
- Provide full forensics services to gather evidence
- Interpret evidence to provide complete documentation of the event
- Assist the appropriate law enforcement authorities to prosecute
- Review and debrief all necessary individuals on event
- Analyze cause of incident and provide recommendations on how to prevent future security breaches
After a plan is developed Webfargo offers different levels of Incident Response Services. Clients can choose the level of service that is best for them. Regardless, successful recovery will depend upon a plan being in place before an incident occurs.
Also see:
Vulnerability Assessment/Security Audit
Security Deployment and Support
Security Policy Development
