The Security Incident Response Team - SIRT is on the forefront of security events that impact both Brmbl.io and Bramble the company.
See the Incident Response guide for how to get assistance.
Our mission is to detect security incidents before they happen and to respond promptly when they do happen. We aim to ensure maximum operational uptime of mission critical infrastructure and informational assets in its daily operations. This mission is achieved by providing effective crisis response, timely distribution of security notifications, continuous monitoring of potential issues, postmortem of major incidents for training and environmental awareness.
- Reactive - Services design to respond to active incident handling, including but not limited to
- Incident analysis
- Incident response support and coordination
- Incident response resolution
- Proactive - Services designed to improve the infrastructure and security processes of Bramble before any incident occurs or is detected. The main goals are to avoid incidents and to reduce the impact and scope when they do occur.
- Cyber Threat Analysis of vulnerability warnings and security advisories
- Monitor Adversaries' activities and related trends to help identify future threats
- Configuration and maintenance of security tools, applications, and infrastructure
- Administrative - Services design to assist with requests from Bramble’s Legal and HR Departments.
Moved to Incident Response guide.
- The SIRT, other internal, or external entity identifies a Security or Privacy
- Event that may be the result of a potential exploitation of a Security Vulnerability or Weakness, or that may the result of an innocent error.
- One of our Security detection controls identifies event outside of the established security baseline
- SIRT determines whether the reported security or privacy event is in actuality security or a privacy event
- SIRT determines the incident severity based on the following risk matrix
- Mitigates the root cause of the incident to prevent further damage or exposure
- SIRT may implement additional controls to minimize the damage as a result of the incident
- Determine if it is safe to continue operations with the affected system
- Permit or deny the operations of the affected system
- Components that have caused the security incident are eliminated
- Removal of the attackers’ access to the environment or the targeted system
- Strengthen the the controls surrounding the affected system
- Represents the effort to restore the affected system’s operations after the problem that gave rise to the incident has been corrected
- Implementation of additional monitoring controls
- Update the incident record with any relevant details
- Post-Incident analysis and activities
- Post Mortem and lessons learned activity
Refer to our Incident Response guide for more detail.