Converged Incident Response Plan

According to the SANS Institute, there are six key phases of an incident response plan:

  1.      Preparation: Preparing users and staff to handle potential incidents should they arise.

  2.      Identification: Determining whether an event qualifies as a security incident.

  3.      Containment: Limiting the damage of the incident and isolating affected systems to prevent further damage.

  4.      Eradication: Finding the root cause of the incident and removing affected systems from the production environment.

  5.      Recovery: Permitting affected systems back into the production environment and ensuring no threat remains.

  6.      Lessons learned: Completing incident documentation, performing analysis to learn from the incident and potentially improving future response efforts.

Converged Security Incident Response

According to the SANS Institute, one of the greatest challenges facing today’s IT professionals is planning and preparing for the unexpected, especially in response to a security incident. An incident can be described as any undesirable act that may compromise protected information or physical assets.

At ESI Convergent, we believe in a converged approach where incident response activities are conducted by the organization's converged security incident response team (CSIRT), a group that has been proactively selected to include physical security, information security and general IT staff as well as C-suite level members. The team may also include representatives from the legal, human resources and public relations departments. The incident response team follows the organization's converged incident response plan (CIRP), which is a set of written instructions that outline the organization's response to network events, security incidents and confirmed breaches. If developed correctly, it should include procedures for detecting, responding to and limiting the effects of any security incident.




Converged Incident Response Services

ESI Convergent can provide the following services to help complete your Converged Incident Response Plan or to help deal with an incident in progress:

·         Create or advise your converged security incident response team (CSIRT)

·         Create or enhance your incident response plan

·         Facilitate table-top simulations and exercises

·         Forensic planning and response

·         Lessons learned and continuous improvement

·         Specific industry best practices