Preparing for cybercrime; incident response Part 2
Conclusion: In engaging with an external incident response provider, it’s vital that they are not walking blind into your environment. Equally, you need to know exactly who they are, what they are capable of, and what the agreed outcomes of the engagement will be. If you have been attacked, or are still under attack, your organisation’s information assets are potentially at their most vulnerable, so the trust in your incident response provider needs to have been established prior to the attack. This places higher than normal importance on your vendor selection process, and in engaging with the incident response provider as early as possible.