Cyber Incident Response Planning
Our SOC conducts incident response engagements in four typical incident response phases:

1 – Cyber Incident Response Plan
The key to preparation is effective planning. Delegating incident response roles for dealing with cyber incidents is key to cyber incident response. ConnectDS will act as your outsourced SOC to support operations in the event of cyber attacks. We’ll provide a plan so that all incidents are managed effectively.
2 – Detecting Data Breach Efforts & Cyber Attacks
Using your implemented SIEM and IDR tools, ConnectDS will interpret the threat intelligence provided to act as quickly as possible. SIEM tools are essential for monitoring network traffic, and the more visibility you have, the better. ConnectDS offer managed security options that provide increased visibility of information security.
3 – Containment & Eradication
Our incident response team members will leverage the information provided and act within their roles and responsibilities in turn. The incident response plan has now moved to containment of the threat for the purpose of eradication. It is expected that in this stage the cyber incident is ended, and that proper planning and provision have resulted in effective incident response.
4 – Review and Lessons Learned
As part of our cyber incident response service, we provide insight into the incident to determine the success of the breach and the efficacy of the response plan execution. The lessons learned lead to refinement of attack preparation and areas to address.