Cyberattack and Data Breach Emergency Services
Planning call to establish communication preferences and confirm what (if any) remediation steps have already been taken.
Identify the scale and impact of the attack.
Mutually define a response plan. Start deploying tools.
Assess operating environment.
Identify known indicators of compromise or adversarial activity.
Perform data collection and initiate investigative activities.
Collaborate on plan for initiating response activities.
Remove the attackers’ access. Stop any further damage to assets or data.
Prevent any further exfiltration of data.
Recommend real-time preventative actions to address root cause.
Perform ongoing monitoring to detect recurrence.
Provide a post-incident threat summary.