In which cases should an investigation be requested?
In the event of a disaster or suspicion of a security incident, ITrust can intervene quickly and discreetly to study the various incidents:
- Compromission of machines
- Unauthorized reading of emails
- Publication or access to confidential and strategic data
- Dissemination of defamatory information
- Denial of service…
These are all situations where you need to be able to react quickly but not in a hurry. Thanks to its experience in security incident management, ITrust assists you:
- Advice on what to do
- Technical intervention to investigate the workstations or servers concerned
- Proposal of the most suitable solution on the basis of the study of the events that have occurred
- Identification of the perpetrators and their modus operandi in order to know exactly what malicious actions have been carried out and to collect evidence
ITrust provides technical expertise in log analysis and correlation, recovery of deleted files and their analysis to determine their nature and function in proving security breaches.
ITrust’s experience in organizational management of security incidents allows :
- To act with pragmatism and without haste
- To manage a crisis situation
- Identify the necessary steps to deal with the incident
- Communicate with discernment about the disaster
- To detail in a table the steps “action / reaction / prevention”.
- To protect oneself against the renewal of the attack or the disaster by setting up adapted procedures
ITrust also advises you on legal aspects, if necessary in partnership with experts in the legal field.
ITrust works with state institutions, banking organisations and major players in the net-economy. Most of our staff members are accredited “confidential defence”.
The technical investigation begins with a mapping of the incident. The workstations and servers concerned by the incident are identified, as are the malicious actions carried out (compromising machines, unauthorized reading of emails, publication or access to confidential and strategic data, dissemination of defamatory information, denial of service, etc.).
It continues with the identification of the scenario, which aims to rigorously trace the modus operandi, the authors and the vulnerability at the origin of the intrusion. The security engineers here seek to collect tangible evidence that you can present, especially to an insurance company.
Finally, a phase of reverse-engineering allows to dissect and understand the attack or computer virus, so as to durably protect the victim company against this type of attack.
Crisis management assistance includes :
- Technical help to restart efficiently in degraded mode until the switch to nominal mode
- Human and legal assistance in post-incident action counseling
- Advice on corrective action
- Legal analysis and advice on the possible consequences of the incident