The English term can be translated as “reaction to an incident”. In IT security, this concerns the response to a cyber incident. This response can be handled by the company’s own Incident Response Team (your administrator or your IT department) or by external service providers. It is important that the reaction is as fast as possible.
In general, incident response comprises three main tasks:
Analysis
The Incident Response Team helps to assess the incident and decides together with the contact persons which measures are expedient. The analysis includes, among other things:
Data Recovery
The Incident Response Team helps to resume operations as quickly as possible. It attempts to rescue the affected devices and services and the data on them. However, depending on the incident, complete rescue or recovery is not always possible. Based on the previous analysis, measures are also taken to prevent re-infections. Data recovery tasks include:
Documentation and aftercare
In a final report, the Incident Response Team summarizes the most important findings, including a chronicle of the events and possible causes. Furthermore, this report contains recommendations for action to protect the company more effectively. On the basis of this final report, those responsible can meet their reporting obligations and insurance requirements.
If a cyber incident occurs in your company, an incident response is carried out – because you have to react in any case. In general, the faster and better the response, the faster the company can resume normal operations, the better the damage can be limited and the better the company can be protected against future incidents. In addition, the better prepared a company is for an incident, the more successful the incident response can be. Such preparations include, among other things, backups that are as up-to-date as possible and can be found quickly.
Review your company’s current incident response measures with those responsible for it. Define together which factors are decisive for the operation of your company, how you can optimally protect them and restore them as quickly as possible in an emergency. Perseus also offers 24/7 emergency telephone support for cyber incidents (incident response).