Incident Response Management
Companies face an ever-increasing risk of falling victim to IT security incidents. Owing to growing IT dependency, the potential effects are also becoming increasingly serious. It is therefore advisable to take a proactive approach to these risks. SCHUTZWERK can support you with a process-based establishment of incident response management.
Rarely does a company's IT dependency become more apparent than in the case of an acute security incident. If information is lost or IT systems fail, the consequences may range from production shutdown to substantial damage to the company's image. Frequently, serious financial losses are the end result. Therefore every hour, and in some cases even every minute, counts when carrying out countermeasures.
Companies with a complex IT environment and/or high IT dependency in particular will benefit from a proactive risk approach and the establishment of so-called incident response management, ideally to detect and contain security incidents early on. More importantly, structures and time-saving process models as well as clear responsibilities will have been established. In addition, important interfaces to other processes such as risk management, IT incident management and business continuity management will be created. As such, incident response management aims to minimize the damage of a security incident as far as possible and to return to regular operation as quickly as possible.
- Drafting a responsibilities matrix and establishing respective posts for incident response
- Creating a risk management interface, particularly for quantifying relevant risks
- Establishing mechanisms for early detection and centralised notification of security incidents
- Creating possibilities for improved identification and isolation of security incidents
- Establishing interfaces to IT emergency management and business continuity management, particularly with regard to required emergency measures during security incidents
- Establishing interfaces for information security management, particularly with regard to the optimization of security measures to avoid a repetition of the incident as well as to sensitize relevant people (in the sense of a continuous improvement process, e.g. regarding the detection of user-related security incident causes)