Processes.md


Public Processes

Any process or control that is of interest to our clients and customers is documented here. Those that exist purely for internal benefit are documented only in our internal knowledge base.

Security incident response process

  1. Assemble - we pull in the right people with the right skills.

  2. Detect - we ascertain the infiltration route and investigate the opportunities to shut down potential routes of ingress. To do this we may review the following:

  • Access by users, system administrators, network administrators, security staff, and others from within your organization reporting signs of a security incident
  • SIEMs or other security products generating alerts based on analysis of log data
  • Application Logs and Cloud Logs
  • Network devices and endpoints
  • Cloud services
  • Applications
  3. Contain - We implement blocks to stop additional vulnerable access.

  4. Assess - We meet and review what happened and the steps taken to understand the full impact and the possible damage.

  5. Adjust - After reviewing and handling the security incident, we continue the discussion by adding future protections to prevent similar vulnerabilities.

  6. Notify - Once there is no longer a current threat, and future threats have been ruled out, we continue by notifying all affected parties. Notifications follow our public notification standards.

  7. Innovate - After eliminating any near-term needs, we move on to understand not only how to prevent other vulnerabilities in the same space, but also how to improve the community as a whole via education and solutions to prevent other attacks.

  8. Retrospect - We review this process and seek to make ongoing improvements.

Addressing incidents

All incidents will be addressed as the primary responsibility of the company until the incident response process has been completed. We take the utmost care to ensure that any and all data has been verified and secured before moving on.

All security incidents will be reported in our Slack Workspace, and updates will be made as they are available.