Incident Response
Our 4-Step Incident Response Framework
Incident Response (IR) services in cybersecurity refer to specialized offerings that help organizations detect, contain, and recover from security incidents such as data breaches, malware attacks, and other cyber threats.

Incident Response (IR) Procedure
1. Preparation
- Develop and maintain an IR plan, policies, and communication protocols.
2. Identification (Detection and Analysis)
- Detect potential security incidents via tools (EDR and APT).
- Analyze and confirm whether an incident has occurred.
- Classify and prioritize the incident based on impact and severity.
3. Containment, Eradication and Recovery
- Take immediate steps to limit the incident’s spread and impact.
- Implement short-term containment (e.g., isolating affected systems).
- Plan and execute long-term containment actions to maintain business continuity.
- Identify the root cause of the incident.
- Remove malware, close vulnerabilities, revoke compromised credentials and eliminate attack artifacts.
- Restore affected systems and services to normal operations.
- Verify systems are clean and secure.
- Monitor for signs of recurring issues or reinfections.
4. Post-Incident Review
- Prepare a report to understand what happened and how well the response worked.
- Document findings, update IR plans, improve controls, and provide training to prevent recurrence.
Network Topology
A network diagram from the client helps us better understand their infrastructure. This ensures that both we and the client have a clear understanding of it.
Business Application
We start by collecting essential data from the client, such as details about their industry and applications, including systems like ERM (Enterprise Resource Management) and POS (Point of Sale).
Security Risk Assessments
We perform various technical scans to identify vulnerabilities in the client’s systems:
- APT (NetFlow) to detect potential advanced persistent threats.
- EDR (Ransomware and Virus Scan) to detect, investigate, and respond to suspicious activities and advanced threats like ransomware and malware.
- Vulnerability Scan (Tenable) to identify, evaluate, and prioritize security weaknesses in systems, networks, or applications.
Health Check
In addition, we also provide a Health Check service. This service allows us to collect critical information, enabling faster response times in the event of an incident. Here’s how the process works:



Written IT Audit Procedure (Policy and Control)
With reference to the Hong Kong Government SRAA (Security Risk Assessment and Audit) guidelines.
Insights Report
An Insights Report in cybersecurity is a strategic document that aggregates, analyzes, and visualizes actionable security data to help organizations better understand their risk posture, identify threats, and guide decision-making on mitigation and resource allocation. The report distills large volumes of log, scan, and threat intelligence data into recommendations and trends that enable leadership and technical teams to proactively address vulnerabilities and compliance requirements.