Incident Management and Forensics Triage
An incident response plan outlines the steps for reporting incidents and lists the actions to be taken to resolve information systems security incidents and protect security systems. Handling an incident entails forming a team with the technical capabilities needed to resolve it, contacting the appropriate sources to aid in the resolution when required, and reporting closeout after the incident has been resolved. Our team has developed and implemented procedures for the identification of security incidents, incident response, and reporting.
Our team will review system component events and audit logs at the frequency defined in the incident handling policy, procedures and requirements, looking for any suspicious, unauthorized or illegal activity. By using information gathered through scan analysis, authorization reviews, port open requests and incident response analysis, and by being involved in control implementation to ensure that the necessary events are audited, our team can review the event and audit logs and identify potentially suspicious activities. If an event is identified, the team will capture the required information and report it immediately in accordance with the approved Incident Response Plan.