At the VS DATA Specialist Institution, we have established a Rapid Response team dedicated to handling IT security breach incidents.
What do we do?
The Rapid Response team is the third line of support in responding to security incidents that exceed the capabilities of the attacked organization. Team members secure and analyze evidence and traces of an attack, stop and remove the incident, mitigate the threat, and restore data and infrastructure.
In the preparation stage, efforts are concentrated on prevention and on building the capacity to respond to incidents that may occur in the future. This also includes building awareness among the users of the organization’s IT systems (training in cyber hygiene and in the proper response to potentially dangerous situations), as well as increasing the competence of the internal IT team in responding properly to security incidents.
At this stage, it is determined whether the identified event is in fact a security breach incident. If confirmed, the traces and evidence are collected and initially analyzed in order to correctly classify the incident and then react appropriately.
At this stage, the material is also secured while maintaining the chain of evidence, so that it may form the basis for analyses in further proceedings, e.g. administrative (under the GDPR) and criminal. It is extremely important to handle electronic evidence properly in order to maintain the continuity of the chain of evidence. Only then will the collected materials have probative value.
Without securing the material for subsequent analyses, it is not possible to give a reliable answer to questions about a personal data breach, especially unauthorized access and theft of data (leakage), or to contractors' questions about whether their company secrets have been breached, and which ones (e.g. whether technical specifications of products that have not yet been put on sale have been leaked).
It means stopping the incident, depending on its type, removing its effects and restoring the business continuity of the attacked organization. At this stage, adequate technical and organizational measures are implemented to mitigate the risk of an undesirable event occurring in the future, including reinstallation and reconfiguration of the attacked organization's IT environment.
Post-Incident Activities = Incident Analysis
This is one of the most important steps in dealing with an incident. When conducted properly, it can and should be used to draw conclusions and further improve the security of IT systems in the organization.
Contact us: [email protected], tel. +48 500 16 26 36