Security Incident Response Process
Provided by C2IT Consulting – Your Trusted IT Partner
Purpose
This process outlines the steps C2IT Consulting will take in
collaboration with your organization when a suspected or confirmed security
incident occurs. Our goal is to respond quickly, limit damage, preserve
evidence, and restore services in a secure and controlled manner.
1. Immediate Client Action Upon Discovery
If your team suspects a security incident (e.g., phishing, malware infection, unauthorized access, data breach), please:
- Do not shut down or modify the affected system unless directed to do so, as doing so may destroy critical forensic evidence.
2. C2IT Initial Response
Once notified, C2IT will:
- Acknowledge receipt of the incident report and assign a technician.
- Engage our Security Lead if needed, depending on severity.
- Contain the incident by isolating affected systems or accounts (e.g., disable compromised users, block network connections).
- Start an incident response ticket for documentation and communication tracking.
3. Investigation and Analysis
C2IT will conduct a structured investigation that may include:
- Reviewing logs (email, device, firewall, cloud services)
- Running antivirus/EDR scans or manual forensic checks
- Checking for lateral movement or secondary indicators of compromise
- Assessing what data, systems, or accounts were impacted
- Coordinating with vendors or authorities as needed
4. Communication
Throughout the response, C2IT will:
- Provide regular updates via email or calls
- Coordinate with designated client contacts only
- Document all findings, actions taken, and recommendations
5. Remediation and Recovery
Once the incident is understood:
- Affected systems will be cleaned or rebuilt as necessary
- Passwords or credentials will be reset
- Patching or configuration changes will be made to prevent recurrence
- Multi-Factor Authentication (MFA) may be enforced if not already in place
- C2IT will work with the client to bring systems back online securely
6. Post-Incident Review
After recovery:
- C2IT will prepare a post-incident summary report detailing:
- A follow-up meeting will be scheduled to review findings
- If applicable, changes may be proposed to your Customer Care Plan (CCP)
7. Optional Services for Future Prevention
If not already in place, C2IT may recommend:
- Advanced Threat Protection (ATP) for email
- EDR + SOC monitoring (e.g., Huntress)
- Microsoft Defender for Business or Intune compliance policies
- Backup review or implementation
- Security awareness training (e.g., KnowBe4)
- Incident Response Retainer or Cybersecurity Insurance Consulting
Client Responsibilities
- Designate a primary and secondary security contact
- Notify C2IT promptly when a suspected incident occurs
- Cooperate fully with investigations (provide access to systems, users, or data if needed)
- Follow post-incident recommendations to reduce risk