We help prepare and plan for security breaches before they happen, giving you the ability to stop them in their tracks.
NIST STANDARDS FOR COMPUTER INCIDENT HANDLING
CipherTechs prepares organizations for incident response based on the National Institute of Standards and Technology’s (NIST) Standards for Computer Incident Handling as well as relevant industry-based ‘best practices’.
In general, these standards categorize Incident Response Handling into the following lifecycle phases:
- Prepare – Prepare and plan for incidents which are highly probable and would have significant impact
- Detect & Analyze – Ensure detective measures remain in place and are effective to identify active threats and provide advance warning for looming threats
- Contain, Eradicate, Recover – Minimize scope of impact when a threat materializes, recover systems to their original form, and restore systems to their functioning state.
- Post Incident – Finalize documentation of the incident and conduct post-mortem exercises, including prioritization of control reinforcement where necessary
As part of this review, CipherTechs will review policies and solutions that are already implemented to determine how they are currently performing and what incident response capabilities they are providing to include:
- A review of any existing incident response policies and testing plans
- A review of any past incident response events and reports
- A review of common client side controls to include event management and remote control capabilities on user desktops
- A review of common server side controls to include event management and remote control capabilities used to manage server resources
- A review of detection capabilities that are possible via firewall polices and controls as might be implemented in a network firewall or any other security solution
CipherTechs can also assist in developing IR policies and procedures and can also coordinate IR tabletop exercises to ensure incident handling and management process and procedures are optimal for the organization.