Retained Forensic & Incident Response
Enter your details below and we'll get back to you.
Ensuring you have access to Forensic Incident Response expertise is a proactive approach your organisation can take to information security. We bring our respected industry knowledge and combine this with our understanding of your business and networks to deliver a resilient and strategic approach to defence.
Who needs this service?
Retained Forensics and Incident Response is not just for cyber mature organisations which understand the very real threat posed by well-resourced and motivated hackers. The service benefits any organisation which is required to comply with GDPR, PCI DSS or other regulatory authorities because it takes a proactive approach to securing data. It also enables businesses to build in reporting and mitigation strategies to reduce the impact of a breach if one occurs. In our experience, the initial ‘golden hour’ of each incident is key to successful containment.
What does a Retained Forensics and Incident Response service involve?
The service employs the skills of experienced professionals to oversee the high level management of cyber defences across all networks and infrastructure. A Retained Forensics team will establish, direct and manage a test and exercise programme to ensure that a system is as secure as it can be. With their thorough knowledge of an organisation’s systems they will also be on hand and ready to assist in putting the agreed action plan in place in the event of a breach. In this way, the 72-hour reporting element of GDPR will be achievable and the mitigation process will be well in hand before the deadline.
Demonstrating a proactive approach to protecting your customer’s data also puts you in a stronger position when dealing with acquiring banks or any other regulatory authorities.
SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations. Our team uses this skill and experience to provide a bespoke Retained Forensics and Incident Response service.
Our reputation is built on trust. We do not recommend services or tools you do not need, preferring to use our understanding of your business to set up a targeted plan of action and remediation which will keep you as compliant and secure as it is possible to be. If the worst occurs, with a robust Incident Response plan in place remedial action will be swift, minimising financial and reputational damage.
Our Retained Forensics and Incident Response team will scope the project at the outset and ensure that remedial action causes minimal disruption to a business. We then continue to work with our clients on an ongoing basis to ensure maximum resilience. In the event of a breach, the incident will be managed effectively with SRM taking responsibility for all aspects of reporting, mitigation and remediation. Above all, SRM’s approach is business-focused with the aim of prioritising business-as-usual.
What is included in SRM’s Retained Forensics and Incident Response service?
Information Exchange Workshops: headed by your assigned consultant, SRM’s Retained Forensics solution includes a number of strategic steps including Information Exchange Workshops to gain a full understanding of your network and infrastructure. In this way we are able to deploy resources accurately and to build up a strategic defence. The workshop will also ensure the scoping and creation of a virtual incident response team.
Incident Simulation is an important aspect of the service, enabling us to work with clients to ensure they are fully prepared for a breach incident. Our approach integrates Red Team testing into the exercise planning and operation to provide both the random element of a real incident and real injects into the scenario.
Incident Response: a single telephone number is provided for activating the response service. This number will provide immediate access to our Retained Forensics team. The contact number will be provided to nominated representatives within an organisation and is available out of hours in the event of an incident.
Remote response provides a fast track service to your assigned consultant who will provide support and advice, providing remote support on how to mitigate further breaches following the incident and collect sufficient information to allow the investigation to commence as soon as possible.
On-site response: focuses on acquiring evidence via physical examination of assets. This element of the service focuses on risk reduction and removal via incident containment. It also includes the associated activities to support the detailed analysis and reporting the SRM team will provide.
Disaster Recovery Planning
As experienced providers of DR planning services, SRM works with clients to prioritise the survival of the business and the resumption of normal working practices as soon as possible.
Business Continuity Planning
SRM’s consultants use their experience to develop a planned programme of actions to protect a business’s critical functions and enable it to continue or re-start with minimal disruption
The SRM PCI DSS compliance team includes leading QSAs who use their wealth of experience to help organisations at all levels to understand not only how to comply but also how to reduce costs.
SRM is an accredited PA DSS assessor. With a forensic laboratory in the North East, we have the expertise and resource to guide software application companies through the process of certification.
PCI Forensic Investigation (PFI/ PFI Lites)
SRM is one of a handful of companies in the UK retained by the PCI to carry out PFI investigations.
PR: how a well-managed data breach can help limit the impact on your reputationTuesday, April 2nd, 2019
We have all seen the headlines about data breaches. They make for uncomfortable reading. Even more uncomfortable, however, is the fact that it’s often through these sensational headlines that..
It’s not a Dark Art: how we demystify cyber securityFriday, March 15th, 2019
It’s easy to see why many people think cyber security is a mysterious Dark Art. After all, it has a language of its own, full of acronyms, jargon and..
Why the prioritisation of breach identification and containment are crucial elements of every cyber defence strategyTuesday, September 4th, 2018
One of the most significant elements of the current cyber threat landscape is the amount of time it takes to actually detect and contain a breach. In a study..