Incident Response Overview 

GhostWatch provides both proactive and reactive Incident Response services that mitigate the risks associated with unauthorized and unintended exposure of confidential data. 

What if I suspect a data breach or data compromise? 

If a breach or a possible compromise of sensitive data is suspected, a rapid response is crucial. Data could be further compromised and the entity may be in further violation of international, Federal, State, and local statutes. GhostWatch’s rapid response team takes action immediately and begins managing the mitigation process from a central command hub. Simultaneously, an experienced team of specialists is deployed onsite to activate defenses and remediation. 

Our Incident Response service can encompass all impacted areas including coordinating the technical, regulatory, and public relations actions affecting employees, customers, business partners, regulators, investors, and the media. 

If you are experiencing a security breach and need immediate assistance, Contact Us. Our Incident Response team is ready to respond. 

How GhostWatch Helps 

Understanding the risks and creating a solid plan of action prevents a data breach from becoming a business catastrophe. GhostWatch addresses all aspects of Incident Response by managing and coordinating the technical, regulatory, and public relations actions that impact employees, customers, business partners, regulators, investors, and the media. From the moment a data breach is discovered through to its rapid resolution, GhostWatch leads the process to mitigate the breach and minimize potential negative impact on the business. It could mean the difference between being bogged down for 10 days or 10 years. 

GhostWatch can give you the confidence that comes from being prepared for a crisis. We work with IT and business users at all levels of your organization to analyze key business processes, information flows, and technology assets. We capture your business processes and analyze them to develop an approach to mitigate governance, regulatory, and compliance risks. From crisis management to business recovery, our professionals help companies plan for rapid resumption of normal business activity. 

GhostWatch provides services to: 

  • Analyze vulnerabilities and impact 
  • Design recovery processes 
  • Train employees 
  • Develop, test, validate, and execute data incident response plans 
  • Execute the incident response recovery process 
  • Manage all aspects of customer notification and retention 
  • Respond to regulators and maintain legal protections 


Incident Response Services 

Incident Response Planning 

A business can mitigate the impact of a data breach by proactively developing an Incident Response Plan. Each Incident Response Plan is customized to the organization´s risk profile and includes an analysis of the type of data managed, the manner in which it is handled, the industry and applicable regulatory framework, and potential severity of the breach. Incident Response Plans are sometimes mandated by compliance regulations, such as the PCI DSS (Requirement 12.9). The development of a plan may include: 

  • Risk assessment 
  • Identification of the incident response team – key resources, roles, and responsibilities 
  • Breach definition, mobilization, and alert mechanism 
  • Step-by-step action plan and checklists 
  • Incident response training (also required by the PCI DSS) 
  • Communication plan 
  • Regulatory response 

Technical Services 

Technical services include: 

  • Infrastructure Management: Implement controls, procedures and training programs to minimize the risk of a breach occurring and to have internal and external mechanisms in place and ready to go if a breach occurs.Containment: Stop in-progress attacks or reduce the efficacy of an attack. 
  • Damage Assessment: Investigate and identify the exact nature of the problem, enabling you to continue your business operations uninterrupted and disassociating you from the problem. 
  • Remediation: Patch the vulnerability or otherwise prevent the problem from reoccurring. 
  • Recovery: Get affected systems back up and running, reinstall software, restore lost data, and other actions necessary to recover from the incident. 


Federal law and most US states require notification in the event of a data breach. Failure to notify the affected individuals may result in significant penalties and other liabilities. Some laws require notification to be performed “as soon as possible, and without unreasonable delay.” Notification requirements are also impacted by the nature of the information (healthcare records vs. payment card numbers), the format of the data (paper records vs. electronic data), and whether the breach is defined as material or immaterial. 

Regulatory services include: 

  • Forensic investigation to identify affected customers and location 
  • Rapid turnaround to comply with mandatory notification time frames 
  • Coordination with and support of internal and external legal counsel, including ensuring that the attorney work-product privilege is maintained to the maximum possible extent 
  • Coordination with criminal or civil investigation, including national security agencies 
  • Ensuring maintenance of safe harbor protection throughout the investigation 

Public Relations 

Developing an effective and coordinated public relations response is critical to ensure customer retention, business credibility, investor confidence, and protecting the bottom line. 

Public Relations services include: 

  • Situation assessment 
  • Message development 
  • Communication strategy development and implementation 
  • Outreach and response to employees, customers, business partners, investors, regulators, and media 
  • Surveillance that scours traditional media, the web, chat rooms and bulletin boards for misinformation 

Customer Retention Management 

Data breaches can have a severe adverse effect on the relations between a business and its current and future customers. Our Customer Retention Management services are designed to minimize the inconvenience caused to your customers and include the following: 

  • Customer notification in compliance with regulatory requirements 
  • Identification and location services to find affected customers 
  • Web-based and call center support and messaging for inbound calls 
  • Toll-free personalized customer service center 
  • Total client back-end support 
  • Remediation assessments and management reports 
  • Customer credit monitoring, identity theft insurance, and restoration services 


Recommended Posts