Be proactive with your incidents to minimize the impact of the attacks on your business
Information security policies and preventive security controls can not guarantee the full protection of your information, services, systems or networks. As a result, no organization is immune to incidents caused by network problems, server failures, and sophisticated attacks.
When an event of this nature occurs, users or customers will no longer be able to access essential services, which affects business continuity. CAPTOSEC aligns with best practices and recommends that companies develop and implement a formal security incident management process to respond to incidents and mitigate business impacts.
In order to help our customers manage their information security incidents, CAPTOSEC develops an incident management framework, which relies on an effective incident response plan and process. Incident response process includes the following steps: Prevention, Detection, Response, and Post-Incident.
On a practical and operational level, we have built over the years a collaborative environment called “BABDOUM” to respond to security incidents. This environment consists of tools, workflow, procedures and analysts.
For more information, visit the BABDOUM page
CAPTOSEC’s Security Experts respond to an incident by performing at least the following main activities
+ Identifying and Analyzing incident quickly
+ Performing incident containment
+ Restoring normal services according to the defined priority
+ Analyzing root cause (how security breach occurred, what attackers changed, IoC, etc.), and
+ Implementing or updating security controls
+ Security incident management process
+ Security incident response plan
+ Escalation procedure
+ Incident response team roles & responsibilities
+ Restore normal service
+ Root cause of security incident
+ Evidence for legal action in the court
