Pondurance helps organizations review and/or develop Security Incident Response Plans to ensure that procedures are robust and actionable in all phases of the incident response lifecycle. Specifically, Pondurance will work with client to improve or establish an IR lifecycle that contemplates the following:
- Preparation – Establish Management Commitment and organizational accountability, and allocation of resources to prepare.
- Detection and Analysis – Pondurance will inventory and define the countermeasures used by client to identify a security event, contain a security incident, limit its spread and protect client systems. Pondurance may make recommendations for improvement, in addition to documenting the current state.
- Containment – Pondurance will develop procedures that client may execute in containing the damage and restoring affected systems to their normal operating state.
- Eradication – In the course of developing the procedures, Pondurance may recommend procedures that are delineated by internal execution and those that may be best executed by third parties (i.e., forensic analysis, memory scraping and analysis, system cleaning, etc.) to eradicate malware.
- Recovery – Pondurance will develop procedures for client that provide a basis of recovery for minimum operations, if a return to normal operations cannot be achieved.
- Learning – Pondurance will develop a plan for testing the plan during periods of calm, integrate lessons learned from exercises and real-world incidents. Pondurance will also facilitate a tabletop exercise as part of the development and implementation of the updated plan.