Security Operations - Incident Management and Response | ProVision

Description

Incident management and response is the process that defines how a business handles a security breach. The goal is to limit potential negative consequences: damage to brand reputation, financial costs, penalties and/or time to recover. The incident response plan, ideally developed cross-functionally, includes policies, definitions, roles, processes and tasks.

Subsets of incident management and response:

Forensics

Following an incident that involves sensitive information, a forensics team creates a plan and conducts an investigation to identify relevant digital evidence and determine the scope of a breach. Relevant electronic data must be collected and managed according to strict procedures. PCI Forensic Investigators (PFIs) specialize in payment card industry (PCI) breaches.

Legal response

When an incident involves e-discovery, organizations execute a legal hold process to notify all parties to a litigation to preserve relevant information. Software automates many aspects of legal hold, including legal notices and reporting, to help ensure that the process is executed in a defensible manner that meets deadlines.

Containment and isolation

Containment strategies and technologies vary, but the goal is to limit the damage caused by an incident and prevent whatever caused the damage from spreading. Isolation products segregate and enclose a network or system that may be infected or that exhibits vulnerabilities. This creates a barrier that prevents malware from escaping and causing damage.

Elimination and remediation

Malware elimination involves removal of executables as well as any artifacts from an infected system or endpoint. Remediation addresses the root causes of a breach.

Request more information about Incident Management and Response solutions

Vendors: Intezer

Contact us to find out what Incident Management and Response solution is right for your needs.