The harsh reality is that most organisations will have their security compromised

If they have not yet been hacked, then either they've been hacked and just don't know it yet, or they are still going to be hacked and living under a false sense of security

Hacking, data breaches, malware, data theft, industrial espionage, and advanced persistent threats are an ever present threat in all organisations. Computer security incident response (often simply referred to as incident response), is an organised approach to addressing and managing the aftermath of an information security breach or attack.

​The purpose of incident response is to identify the cause of the incident, aid in the recovery from the incident, and mitigate the risks of future incidents. Should an organisation seek to prosecute or litigate as a result of an incident, the evidence obtained during the incident response is forensically sound, and can thus be used in any resulting legal processes.

---

THe Incident Response Process

---

1. Preparation

​It is not a matter of if an incident will happen but rather when. It is thus a top priority for any organisation to be prepared for an incident. We can assist in this preparation through the development and review of security controls and incident response plans, as well as the development of of incident response capacity, whether by providing incident response as a service, or continuously developing and honing internal incident response teams.

2. Detection, Collection & Analysis

​Once a suspicious activity or irregularity has been detected on the organisation's information systems, and it is considered a security incident, we will collect data from the affected systems and analyse it to determine the nature and extent of the incident. This data is then analysed to determine what has taken place.

3. Containment, Eradication & Recovery

​Once we have completed our analysis of the incident, we will assist in containing the incident to minimise the impact on the organisation, and eradicate the threat posed from the incident. Our containment and eradication strategy is aimed at protecting service integrity, sensitive data, hardware and software. We will also assist the organisation in recovering from the incident.

4. Post-Incident Activity

​Once the incident has been resolved, we provide a comprehensive report to the affected organisation seeing out exactly what happened, and identifying any weaknesses within their information security strategy. By identifying the weaknesses that were exploited during the incident, we can then propose strategies to improve the security posture of the organisation to mitigate against future incidents.