Incident Response Services

Incident response plan and processes

Information Security Incidents are inevitable and although they differ in severity, most (if not all) requires some degree of response, even if the response is automated in the case of low severity incidents.

Severe incidents require a human lead response across multiple levels and business functions in the organisation to ensure its ongoing function. The resiliency of the organisation in the event of a serious security incident or breach, will depend on the effectiveness and maturity of its incident response plan and processes. Organisations of all sizes must think about security and incident response in fundamentally different ways than they did 10 years ago.

At Ntrust Advisory, we believe in the concept of “Continuous Response” and we assist organisations in maturing their Incident Response programs from a reactive to a continuous one.

Many organisations do not know their readiness to respond to an information security incident in an appropriate and practical manner. Ntrust Advisory’s Incident Response Readiness Assessment assists organisations in assessing the maturity of its Incident Response capability.

Building Capacity and Capability


Planning for an incident or breach event enables an organisation to build its capacity and capability to respond to the inevitable. Skilled people, repeatable processes and effective technologies all support a mature Incident Response process and needs to be considered when planning and building an Incident Respond capability.

Incident Response Lifestyle Framework


We take a risk-based approach to your Incident Response capability development, as understanding the risks posed to your information assets by various threat actors is key in developing a pragmatic Incident Response plan. The development of policies and playbooks, coupled with the continuous improvement of these, are some of the crucial aspects of Incident Response plan development that we can deliver to organisations through our Incident Response Lifecycle Framework.

Ntrust Incident Response services aim to align detection and response functions with the intention to instil resilience into the organisation, allowing it to respond to any incident in a manner that enables the organisation to get back to normal operating capacity quickly and without panic.

Incident Response Offerings

Readiness Assessment

Ntrust Advisory’s Incident Response Readiness Assessment assists organisations in assessing the maturity of its Incident Response capability. Maturity is measured across 15 functions of Incident Response, giving the organisation a detailed view of capability and capacity to respond effectively to an information security incident, breach or compromise.

Risk Assessment

Risk assessments determines the risk that your information assets are exposed to and includes an industry specific threat assessment and gap analysis of security controls, based on your selected framework or best practice. Knowing the risks and associated threats that the organisation faces assists in formulating an effective Incident Response program and playbooks.

Policy and Playbook Development

Policy is the start of all security and an Incident Response Policy sets the ground rules for how an organisation responds to information security incidents. Playbooks guides incident responders in the event of specific incidents and allows for response efforts to happen in a systematic manner, reducing panic and enabling the incident to be handled confidently and promptly.

Compliance and Regulatory Alignment

Data protection and privacy regulations often require specific actions in case of an incident or breach and a practical Incident Response program can enable an organisation to fulfil these requirements. In order to be compliant to various information security standards and best practices, and fully fledged Incident Response plan is more often than not a requirement.

Tabletop Exercises

On-site Incident Response Tabletop Exercise tests and identifies possible gaps and inefficiencies in current processes, in light of new threats or discovered vulnerabilities. Our tabletop exercise approach can be performed in a classroom or breakout group format to help determine how participants respond based on the processes currently in place.

Breach Disclosure

Worldwide countries are adopting Mandatory Breach Disclosures laws, requiring organisations to disclose an information security breach within a set timeframe. Ntrust Advisory assists organisation with a breach disclosure strategy and can formulate breach disclosure documents and processes in the case of an actual breach.

Post Incident Analysis (Lessons Learned)

At the conclusion of an incident respond exercise, Ntrust can perform a debrief, or Post Incident Analysis to review the performance of the Incident Response Plan, identify the lessons learned and discuss with management where improvements should be made. These lessons learned or observations should then feedback and update the relevant Incident Response Playbooks and Policies.

Get in touch to improve your incident resilience