Security Breach Help
If you believe you have suffered a security breach, there is a lot to consider. That’s where we come in.
Call us in confidence on 020 3095 0520
It is imperative that the situation is assessed properly, to understand the scale and scope of the breach. We will work with you on-site to examine the suspect systems and build a profile of what exactly has happened.
Incident response
If you don’t have an incident response process or any procedural guidelines, we will start to compile an incident response log for you. It details items such as the type of incident (e.g. DoS, intrusion, defacement, data theft), the likely source, the level of severity, and the impact. We will also log who you have informed, and offer guidance on who should be informed, bearing in mind your particular legal and/or regulatory obligations.
Incident management
If the incident is live and ongoing, we will help you to contain it and bring it to a managed close. This is so that other at-risk systems can be properly protected, and so we can control the incident in such a way that evidence is preserved for forensic analysis. If the incident has already been successfully contained, we will gather evidence, both electronic and physical.
Post incident
Once we are happy that the incident is over, our forensics work will commence. We first make a copy of the isolated drive(s) and advise that you keep the original(s) in secure storage. This is so that we can work freely without any risk of corrupting evidence that may be needed in legal proceedings.
The image of the drive is then interrogated to uncover the exact nature of the breach, the details of what has been compromised, and to root out any deleted, damaged, or encrypted files as evidence of intent.
We can also show you the cost of the breach, in accounting terms, so that repairs and remediation can be factored in.
Finally, we will evaluate the performance of your personnel. Whether you have practiced for a breach or not, it’s important to get a handle on the ability of your people to deal with it. This is never a blame exercise; it’s the only way that you can identify knowledge gaps and training needs. We will also assist you in putting together an incident response plan and advise on the creation of your own computer/security incident response team.