A typical incident response from ArcherHall includes a combination of the following:
- Identification – the response team is activated to determine the nature of the incident and what techniques and resources are required for the case.
- Containment – the team determines how far the problem has spread and contains the problem by disconnecting affected systems and devices to prevent further damage.
- Eradication – the team investigates to discover the origin of the incident. The root cause of the problem is determined and any traces of malicious code are removed.
- Recovery – data and software are restored from clean backup files, ensuring that no vulnerabilities remain. Systems are monitored for signs of weakness or recurrence.
- Recommendations – the team analyzes the incident and how it was handled, making recommendations for better future response and preventing a recurrence.