Incident response is a set of procedures an investigator follows to examine a computer security incident. This process involves figuring out what happened and preserving information related to those events. Because of the fluid nature of computer investigations, incident response is more of an art than a science. Time-to-detect and time-to-respond are the most critical factors in the initial stages of a cyberattack. Any delay in response only increases the damage to network and infrastructure, the potential data loss, and the cost to remediate the cyberattack.
INCIDENT RESPONSE RETAINER
CyberESI will provide IR services consisting of 5 hours/month, to be used in the event of a cybersecurity incident. The incident response tasks can be performed either onsite or remotely, depending on the type of tasks being performed. The monthly hours do not carry over from month to month.
INITIAL INCIDENT RESPONSE
Perform preliminary investigation:
- Determine scope and criticality of incident
- Provide initial recommendations for mitigation
- Escalate to full incident response if necessary
FULL INCIDENT RESPONSE
Extends investigation and response:
- Extended analysis and evaluation of the incident
- Develop and implement mitigations
- Keep stakeholders informed and report on progress
- Document actions and deliver comprehensive final report