Comprehensive Incident Management

Comp Fides has developed a comprehensive incident management program that helps organizations assess, contain, analyze, and recover from breaches in a way that minimizes impact and strengthens overall security. We use a multi-step process that includes:

Assessment

Every incident response engagement starts with obtaining all pertinent information to understand the situation and its scope. Who detected the incident? When was the incident detected? How was the incident detected? What systems are impacted? What evidence has been collected? How was the evidence collected? What actions have been taken so far? What is the architecture of the environment?

Goals

Once an understanding of the incident is developed, the next step is to work with your team to define practical and achievable goals. These goals can include some or all of the following:

  • What was the attack vector?
  • What data was lost?
  • Who is the attacker?
  • What is the recovery preference?

Containment

An overarching strategy comprising one or more containment plans is developed with your team. The goal of containment is to reduce the adversary's ability to affect the rest of your enterprise. In some situations, it is more advantageous to first monitor an adversary's activities rather than immediately containing them.

Analysis

The identification, collection, and analysis of evidence is the next step in managing an incident. All evidence is collected using forensically sound methods, with a provenance consistent with strict standards, to ensure that spoliation and destruction do not occur. Analysis draws on a wide range of skills to determine the attack vector, build an event timeline, and identify the scope of the breach.

Remediation

Remediation comprises the positioning, eradication, and recovery phases. The positioning phase consists of identifying and placing various technologies, architectural changes, and other considerations and recommendations. During the eradication phase, the changes and recommendations identified in the positioning phase are activated to remove an adversary from the environment. Once an adversary has been removed, the recovery phase returns the impacted systems to production in a more secure state.

Closure

At the end of an engagement, a full and comprehensive report is delivered that addresses multiple audiences, including technical staff, senior management, legal counsel, and other third parties.

We proudly serve our clients with professionalism and confidentiality throughout Michigan including Ann Arbor, Bloomfield Hills, Detroit, Grand Rapids, Jackson, Lansing, Livonia, Southfield, Sterling Heights, Warren, and throughout Ingham County, Livingston County, Oakland County, Jackson County, Washtenaw County, Wayne County, and the rest of Michigan’s Lower Peninsula.