Incident response is an organised approach to addressing and managing the aftermath of a security breach or attack (also known as an incident). The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. An incident response plan includes a policy that defines, in specific terms, what constitutes an incident and provides a step-by-step process that should be followed when an incident occurs.
An organisation's incident response plan is typically carried out by the IT incident response team, which, according to various third-party reports, has a huge resource shortage in very large enterprises. The incident response team and strategy are in some ways similar to the operation of a fire station: a first responder takes on the job, and this can be anyone from a network analyst to a security manager.
Satisnet’s solution is to understand the types of threats an organisation is facing, such as DDoS and malware outbreaks (via phishing or drive-by download), as well as the existing expertise, tools and processes that are in place, to establish whether we can assist in optimising the existing strategy.
From that we are then able to discuss the areas in which any additional resource, process or technology is required and provide you with a defined incident response process following SANS Institute's six steps to handling an incident effectively.