Need assistance with a security incident?
Our incident response experts can help your organisation investigate and respond to cyber incidents - 24x7
Has your organisation experienced a security breach?
Contact the mnemonic Incident Response Team (mIRT) 24x7.
- Mail: [email protected]
- Telephone: +47 23 20 47 47
- Alternative: +47 23 20 28 25
 
What should you do?
Initiate your response plan
- If you have a plan for managing security incidents, initiate it now.
 
Define & delegate roles
- Define an Incident Manager with overall responsibility.
- Delegate roles. Examples of key roles are: Information Manager, Troubleshooting Team Manager and Logkeeper.
- Define responsibility and objectives.
 
Gather information & tools
- Collect all information on the incident (see initial data collection below)
- Gather all the tools necessary for managing the incident
 
Initiate countermeasures
- Set up countermeasures for your network, systems and clients to limit damage. Examples include: isolation, segmentation, or limitation within a firewall
 
Communicate
- Draw up a communications strategy for internal and external contacts
- Report in accordance with internal and mandatory requirements
- Consult legal advice or the police if relevant
 
Initial data collection
- Find or produce an overview of network topology for relevant networks
- Collect and analyse relevant log information, including:
  - DNS and DHCP logs
  - Netflow data from routers and switches
  - Proxy and Firewall logs
  - Antivirus and IDS/IPS logs
  - Windows system logs
  - Syslog
  - Host-based IDS logs
  - Application logs
- If possible: establish visibility (real-time information) from relevant systems
- If you have the in-house competencies: collect evidence from relevant systems.