Incident Preparedness

The probability of cybersecurity incident and the following consequences is increased constantly. It is possible to lessen this risk by implementing appropriate preventive, detective and reactive precautions. But how will you know which technical, organizational or procedural measures you need to take?

Experts from IstroSec have years of experience with resolving cybersecurity incidents in organizations from multiple fields. We are ready to help you with assessing the preparedness of Your organization and how effective would you be in dealing with cybersecurity incidents.

In the scope of your assessment we focus on:

  • Human resources

    • Responsibility for dealing with cybersecurity incidents

    • Size, aptitude and preparedness of your team for resolving cybersecurity incidents

    • 3rd parties and their role in resolving incidents

  • Processes

    • Incident prevention

    • Incident identification

    • Initial incident analysis

    • Containment, Eradication and Recovery

    • Digital evidence and forensic analysis

    • Continual improvement

  • Technology

    • Infrastructure and network architecture

    • Setting of network components – switches and routers

    • Setting of security components – firewalls, UTM, IPS/IDS, NBA, application firewall

    • Setting of security oversight, systems for detecting and reacting to incidents

    • Setting of servers – Windows, Linux, Unix

    • Workstation setting

    • Setting of domain policies and GPO

    • Cloud system settings – O365, Azure, AWS

    • Critical application setting

    • Backup settings

  • Material and documentation

    • Asset inventory

    • Incident documentation

    • Threat intelligence

    • Network topology

    • Security policies and regulations

    • Procedures for resolving incidents

    • Escalation procedures

    • Contacts and contact schemes

Incident preparedness assessment

Our assessments for cybersecurity incidents are based on best practices and years of experience with resolving cybersecurity incidents, knowledge of current vulnerabilities, techniques, tactics and procedures used by the attackers during cyber attacks.

In order to most efficiently assess Your organization, our team at IstroSec developed unique methodology. Through our methodology we achieve coverage of relevant security needs of our customer. Furthermore, we focus on implementing the procedures in order to have biggest impact on resisting cybersecurity attacks, while minimizing their time, technical and financial cost.

Our methodology is based on those pillars:

  • Creating of “Threat landscape” for organization, in which experts at IstroSec analyze relevant threats for your organization based on threat intelligence, types, size and sector of organization. Including potential previous breaches, OSINT (clear and darkweb), geopolitical situation, specific organization and threat score calculated based on technologies you employ.

  • Identification of TTP used by attackers

  • Assessing procedures, technologies and capacities relevant to identified threats

  • Inspecting relevant documentation

  • Assessing preparedness in the form of interview with employees

  • Assessing preparedness by inspecting configuration of implemented technologies

  • Vulnerability assessment

  • Analysis of current state and suggestions for improvement

  • Preparedness assessment, creation of final report and recommendations

  • (Optional) Implementation of proposed procedures and relevant processes

  • (Optional) Conducting technical exercise in order to verify effectiveness of implemented procedures on technical and procedural level by:

    • Table top exercises

    • Red Team exercise

    • Purple Team exercise

Why IstroSec

IstroSec experts have long-standing experience with improving cyber attack resiliency for organizations of various sizes and from different sectors. They maintain current knowledge about cyber threats, tactics, techniques and procedures used by attackers. Combining this knowledge with plentiful experience in actual incident response allows our specialists to create a tailored set of administrative and technical measures for your organization to create a resilient and robust cyber immunity.