D.I.R.T. - Data Incident Response Team
Metro Data, Inc.'s Data Incident Response Team (D.I.R.T.) will provide consulting and technical advice to help you manage a security incident from the initial detection to closure.
Why the DIRT acronym? Because the Internet can surely be a dirty place - and it spells out what we do!
From a single PC breach to an enterprise-wide compromise, we will work rapidly and thoroughly in each phase:
Information Security (Infosec, aka Cybersec) is challenging
Securing information in a "connected" world is very challenging. The adversaries are sophisticated. Sometimes large, well-funded criminal enterprises, and even nation-states, are engaged in attacking our information assets and stealing data. Their motivations are varied, running the gamut from financial gain, to corporate espionage, business disruption, and even cyber warfare.
Cyber threats are constantly evolving, and the fight is asymmetrical, with organizations having to protect their systems against everything all the time, while an attacker only has to be successful once.
There are also internal challenges, both technological and human. Organizational information assets and data have become widely distributed in multiple locations, including outside the organization’s physical control (e.g., in the cloud and on the hand-held devices of employees and vendors).
This exposure is exacerbated by an emerging data-driven business model, where organizations are amassing huge quantities of information and retaining it for possible future use, sometimes indefinitely. In addition, employees and vendors can be careless in their handling of personal information or are able to intentionally steal information by taking advantage of security holes.
Furthermore, security solutions are complex, requiring integrating technology with processes to ensure that the technology is properly deployed and used.
What We Do
- Develop and Review of Incident Response Plans (IRP) - One of the most important steps a company can take before a cyberattack is to develop and test an IRP. We can help create your IRP or review existing ones to ensure they reflect best practices.
- Cybersecurity Audits - In any enforcement action or litigation, your company's negligence in managing cybersecurity may be used against you. As part of our audit process, we also review whether a client’s use of personal information, including internal and external data flows, is consistent with its stated policies and regulatory obligations.
- Risk Assessment Analysis - Risk assessment is a fundamental building block, as well as a best practice of cybersecurity planning. We work with clients to help identify and assess these risks, drawing on our wide range of expertise conducting such assessments from a technical perspective. This includes determining the company’s most valuable assets, how they are protected and who can access that information. Where clients have already conducted such an assessment, we review and comment on their assessment to determine if it meets accepted practices.
- Employee Training - A company’s cybersecurity planning is only effective if employees are sensitized to the related risks through training. While companies generally design and implement such training internally, we work with clients to make sure that the scope and level of training would satisfy a regulatory inquiry and best protect the company if its practices were challenged in a litigation.
- Vendor Management - One of the most critical threat vectors that companies face is cyberattacks that exploit a third-party vendor’s network connection to a company. We review clients’ vendor management processes to determine if appropriate cybersecurity requirements are in place, and review third-party vendor agreements to determine if the client is adequately protected.
- Forensics - Our team includes skilled cybersecurity engineers who can evaluate the cyberattack and determine the best way to approach remediation efforts.
- Notification, Public Disclosures, Law Enforcement and Regulators - We have extensive experience working with numerous agencies, including the FBI, local law enforcement, and State and Federal agency regulators. We also have access to some of the regions most experienced cyber-law attorney's, who can offer their guidance and advise your management team whether disclosure is required and manage multistage notification processes. They can help clients make appropriate public statements during a crisis, and in the case of a cyberattack, review all public statements to ensure that they are consistent with legal requirements and that they do not inadvertently increase risk.
Why Use Metro Data's D.I.R.T.
When a company discovers it is the victim of a cyberattack, every moment is critical. Companies must contain the attack and mitigate the damage, and also must quickly manage an array of demands and pressures from the media, government officials, customers, business partners and shareholders. Companies also must be prepared for the reality that the media can sometimes break the news of an attack before a company is able to gather all the relevant facts. Metro Data, Inc.’s multidisciplinary Data Incident Response Team has the knowledge and experience to help companies manage an attack and minimize legal exposure.
Our team regularly discovers and reports Common Vulnerabilities and Exposures (CVE®). CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Operating as DHS's Federally Funded Research and Development Center (FFRDC), MITRE has copyrighted the CVE List for the benefit of the community.
We have published the following Common Vulnerabilities and Exposures: