Has your organisation experienced a security breach?

Contact the mnemonic Incident Response Team (mIRT) 24x7.

What should you do?

Initiate your response plan

  • If you have a plan for managing security incidents, initiate it now.

Define & delegate roles

  • Define an Incident Manager with overall responsibility.
  • Delegate roles. Examples of key roles are: Information Manager, Troubleshooting Team Manager and Logkeeper
  • Define responsibility and objectives

Gather information & tools

  • Collect all information on the incident (see initial data collection below)
  • Gather all the tools necessary for managing the incident

Initiate countermeasures

  • Set up countermeasures for your network, systems and clients to limit damage. Examples include: isolation, segmentation, or limitation within a firewall

Communicate

  • Draw up a communications strategy for internal and external contacts
  • Report in accordance with internal and mandatory requirements
  • Seek legal advice or consult the police if relevant

Initial data collection

  • Find or produce an overview of network topology for relevant networks
  • Collect and analyse relevant log information, including:
    • DNS and DHCP logs
    • Netflow data from routers and switches
    • Proxy and Firewall logs
    • Antivirus and IDS/IPS logs
    • Windows system logs
    • Syslog
    • Host-based IDS logs
    • Application logs
  • If possible: establish visibility (real-time information) from relevant systems
  • If you have the in-house competencies: collect evidence from relevant systems.