Experienced a security breach? Contact Sicra’s incident response team (IRT) anytime by following these steps:
1. Collect information and perform a value assessment
Gather all available information about the incident. This includes what was observed and the exact time the incident was first detected.
Ensure access to the necessary tools and systems for incident handling.
2. Send an email to: irt@sicra.no
Include as many details as possible.
3. Then call us at: +47 66 80 88 20
Create an incident response plan.
Does your organization have a plan for security incidents and business continuity?
If not, it should be established as soon as possible. Below, we have outlined some key elements that should be included in such a response plan.
1. Define roles and responsibilities
Appoint a response team with 1–2 individuals having overall responsibility, and assign key internal roles such as:
Technical lead
Financial lead
Legal lead
Infrastructure lead
Define clear objectives and responsibilities for the team – and log everything that is done.
2. Establish agreements and allocate dedicated resources for:
Incident response support provider
IT operations provider
Legal counsel
Insurance provider
Also identify other parties that may need to be contacted in the event of an incident, such as the police (e.g., Kripos), the Data Protection Authority, etc.
3. Maintain updated network information
Extract and securely store updated network information externally, including details for:
All locations and data centers
All cloud integrations and products
VPN and other remote access
All domains and corresponding DNS information
VDI infrastructure
4. Escalation and communication during an incident
Ensure the following information is in place:
Document what an employee should do if a potential threat is detected
Document alternative communication channels and verify that they are functional
Document the endpoint monitoring solution so that anomalies and related incidents can be detected easily
Document the email flow solution; email is a critical channel for threat actors and may be impacted during an attack
5. Document critical systems
All critical systems and solutions should be documented, including the following information:
Business purpose
System description
Point of contact
Associated software and components
Relevant locations and storage areas
Preparedness for handling and storing key logs/network overviews
Map the network topology of affected areas and ensure routines are in place for updating diagrams
Deploy solutions for analyzing relevant logs, such as:
AD, DNS, and DHCP logs
Windows system, security, and application logs
Proxy and firewall logs
Antivirus and IDS/IPS logs
Syslog
NetFlow data
Client-based IDS logs
Other application logs
If possible, ensure real-time visibility into relevant systems and collect evidence if your organization has the expertise.
Experience: We’ve helped businesses of all sizes prevent and manage security breaches.
Innovation: We leverage cutting-edge technologies to protect your data and systems.
Peace of mind: With Sicra by your side, you can focus on what you do best – running your business. Let us help you stay proactive.
Don’t wait until the damage is done. Contact Sicra today and let’s build a secure, future-ready response plan together.
Your security. Our priority. Sicra.