Human Incident Response

For organizations that experience a breach or other security incident resulting from a user action, such as Social Engineering or Phishing attacks, we offer our Human Incident Rapid Response service. Unfortunately, while the public and stakeholders readily accept the inevitability of technical attacks, they are less accepting of incidents that result from apparent poor judgment. It is therefore critical to demonstrate that your organization is taking immediate and definitive actions to both mitigate the damage and prevent future incidents.

While there are many services that assist organizations with the technical aspects of security incidents, there are few, if any, services that specifically address human incidents. Some of the most noted attacks in recent history were only enabled after exploiting human vulnerabilities through phishing or social engineering attacks. Additionally, there are regular incidents where human failings have inadvertently leaked massive amounts of sensitive information. All incidents create embarrassment and a loss of trust in the compromised organization.

Service Overview

Secure Mentem’s new service analyzes the root cause of the attack, creates a plan to mitigate the damage and the underlying vulnerabilities, and assists in implementing the plan. The solution provides a critical service, while allowing the victim organization to demonstrate that they are taking definitive and relevant actions to reestablish trust and reduce the potential for future compromises.

Our experts are on call to provide emergency support in assisting and assessing damage, designing a mitigation strategy from the human perspective, taking advantage of the teachable moments, and designing an emergency awareness campaign to demonstrate that the organization is taking actions to prevent future incidents.

Our Approach

Step I. Incident Assessment

Examination of the damage caused by the incident, the areas of the organization affected, and the root vulnerability.

Step II. Organizational Assessment

Examination of the organization’s security culture and subcultures. Review of the current Security Awareness program in place and the resources available to deliver Security Awareness messaging.

Step III. Incident Response Creation

Design of a strategy, tactics, and plan to deal with any repercussions from the incident. Develop short-term Security Awareness program to take advantage of the teachable moment and address the underlying vulnerabilities exploited. Integration of metrics is critical to the plans to demonstrate that there will be a measurable improvement in the resulting security culture.

Step IV. Metrics and Calibration

After the implementation of the short term Security Awareness program, our experts will work with your team to examine the results and determine if the program is having the desired impact. Our experts will recommend adjustments and changes to the long term Security Awareness program.

Learn More

To learn more download our Human Incident Response data sheet