Incident Response

Are you ready for a suspected breach? An incident response plan for diverse threats, such as ransomware, insider threats, or external data breaches, is critical. We can assist with incident response and management. Accorian's security experience, combined with cutting-edge technology, provides clear and precise incident response. It is a race against the clock to keep a crisis under control. Whether it is ransomware encrypting corporate data, information-stealing malware on your network, or data breaches exposing sensitive data, you must know the specifics of the threat in order to take the appropriate action. It is critical to limit the danger, scope the event, analyze the damage, and remediate as soon as possible. The objective is to quickly re-establish business, safely and securely.

We can help with all aspects of incident management. We leverage a 5-step plan  to make sure you are ready.

Request a Quote

Incident-Response

Why Choose Accorian?

Accorian was founded so organizations can stop compromising between technology necessities and technology budgets. Formed by technology and cybersecurity leaders, Accorian strives to be your full-service technology partner. Our hands-on approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients.

Experienced Incident Response with Dedicated Technology

The Incident Response (IR) solution from Accorian combines extensive security analytical skills with world-class specialized investigative and security technologies. First and foremost, the combination implies that you get the quickest and most reliable results. Our proactive staff serves as an extension of your team, leading any necessary analysis, making sure that nothing is ignored, and delivering the outcomes you seek. We can assist you with every area of incident management. We use a 5-step process to ensure you are prepared.

Our 5-Step Process to Prepare an Incident Response Plan

Preparedness

Preparedness

A corporate security strategy should include data categorization, the repercussions of
violations, definitions of security incidents, a communications plan, and a prioritizing system, among other vital aspects.

Identification

Identification

Define the criteria that activates the initiation of an incident response. Utilize the appropriate tools – logging, SIEM, MDR, and a vulnerability program – to assist in the detection and prioritization of vulnerabilities.

Containment

Containment

Prepare a containment strategy for both the short and long term. The short-term containment plan’s goal is to immediately prevent the threat from spreading. It also entails saving or archiving the systems and logs for use in forensic investigations later. The long-term plan involves a strategy to restore the company’s operations after the neutralization of the threat.

Removal

Removal

Removal entails the elimination of the threat actor and the return of all business processes to their standard operations. In order to do this, the forensics team will require pictures of all drives, logs, and malware reports, among other elements that may be critical to the removal of the threat.

Recovery

Recovery

Leverage forensics to have a thorough understanding of what was compromised. Address and strengthen any vulnerabilities that are discovered and notify any relevant compliance authorities, such as HHS, PCI, and others, if necessary.

Cloud Security Audits

Learn More

Cloud Security Audits

Auditing of your cloud security posture cloud to understand your posture can be quite challenging, we help our clients to conduct detailed cloud security audits through a manual and automated approach.

Learn More

Resources

Article

Adobe's Common Controls Framework of Industry-acclaimed security standards

Today’s world is an ever-changing scenario with changes to the technology sector happening more frequently than ever due to emerging technologies. The case is quite similar in the field of Cyber Security. There are a few industry-acclaimed cybersecurity standards for governing the processes and execution of these standards. These standards are usually built upon a framework of control objectives that need to be implemented by the organizations to comply with these standards. Compliance is measured in terms of control objectives meeting the compliance criteria and also other regulatory and statutory criteria. Since most of these Cybersecurity standards speak of similar control objectives or lay emphasis on similar control areas, it is advisable to have the ‘Adobe’s Common Control Framework’, which means that if we are able to comply with a single requirement from a particular framework, in theory, we should be able to use the adherence of that requirement for ALL the similar frameworks. There are several approaches to achieving this Adobe's Common Controls Framework both in theory and in practice and will be discussed in detail later on in this article. The most relevant security and privacy frameworks are ISO 27001, NIST, PCIDSS, GDPR, SOC Type 2. There is a significant overlap of controls contained in these standards as all of these standards primarily deal with one requirement which is the protection of data. Protection of information from unauthorized disclosure, compromise, and theft forms the backbone or the building blocks of an Adobe's Common Control Framework. This leverages the fact that similar controls or that the essence of the controls is the same across standards and can be used to gauge the adherence or compliance of an organization to the standard. In actual execution, while gauging the compliance of an organization, the Adobe's Common Controls Framework is not only holistic but can reduce the effort and cost otherwise required by the organization to comply with individual standards. There are two methods of developing the Adobe's Common Control Framework for an organization and there are very subtle differences between the two methods. They are Controls harmonization and Controls Mapping. Controls Harmonization: Harmonization is the creation of a brand-new control language set from several source languages of standards taking into consideration content & context. In theory, the intent and meaning of the words and sentences remain intact, but the language and actual words of the individual standards have been changed with a new harmonized meaning defined. To achieve the usage of a single language as an industry, globally, it would have significant benefits and it would be the most efficient way to operate not only as security professionals but also as humans. Adobe’s Common Control Framework is an example of this type of construct. The benefits of having a single operating language can truly be amazing in terms of effort reduction and cost reduction. Control Mapping: Today, most brilliant and forward-thinking security professionals are using the control mapping method. The main idea behind this method is to keep the original language intact as much as possible while mapping and matching the intent and meaning of each sentence and word. This is the most practical and realistic approach because this is how humans fundamentally interact with each other globally. One can see this working in real life where two different languages are being spoken by individuals and kept mainly intact, but an interpreter or linguist is translating between the two — the map is developed in the mind of the linguist. Some real-life examples of mapping for cybersecurity frameworks can be seen in HITRUST Framework, Cloud Security Alliance Framework, and even the U.S. Government formally...

View More

Article

Risk Management Framework – Managing & Measuring what matters

A risk management program allows you to manage overall information security risk.  It is an approach to identify, quantify, mitigate, and monitor risks.  The reason to look at risk in a comprehensive manner is to make sure no one area is getting too much attention or, too little. Frameworks also help you identify the bigger elements of risk that need review and mitigation. Additionally, it help you to prioritize the treatment of certain risks. The adherence to risk frameworks also helps give your customers comfort that a standard risk management is in place and hence, reduce your audit burden.  Typically, a Risk Management program comprises of the following phases: Risk identification Risk analysis Risk evaluation Risk treatment Risk Monitoring A good risk management framework will have the following characteristics: Comprehensive in types of risks it covers Practical for an organization to implement Updated with current real-world risks Based on controls that can be reviewed and audited Reliable so that your vendors and customers can accept it There are many risk management frameworks that one can choose from and it important to understand the advantages of each. Common risk management frameworks include: NIST CSF SOC 2 ISO 27001 HITRUST NIST (National Institute of Standards and Technology) framework is a comprehensive cybersecurity framework (CSF).  It is very widely accepted across different company sizes and business domains. Most cyber-security professionals are well aware of this framework as it is readily available.  Although widely available and very popular there is no certified third-party audit mechanism. Hence, it can only be self-assessed.   SOC 2 Type 2 is an internal controls report based on the scope you define.  It is widely used in the United States to show the maturity of your controls.  A CPA firm that is part of the American Institute of CPAs (AICPA) conducts the audit & issues an assessment report.  The AICPA does not audit/review the assessment for completeness or quality.  HITRUST CSF is a framework that came leverages NIST, SOC, and ISO along with others to create a more comprehensive standard.  It is widely implemented in the United States by organisations in the healthcare space.  Unlike others, although there are external assessors that are involved in the certification process, HITRUST reviews all assessments and issues the certificate. Additionally, among all the frameworks above it tends to be the most expensive to implement.  It is important to choose a framework that matches your long-term security goals & needs.  At Accorian, we work with all of the above frameworks. We help organizations choose the right framework and aid with the implementation. This is done by augmenting our team into your security team to help steer the rollout, aid with query resolution, choosing of the right controls & workaround during mitigation advisory, facilitating the selection of vendors & products and end to end program management. 

View More

Article

Accorian Welcomes Farooq Wahab, Director of Cybersecurity – vCISO Services, Canada

Accorian welcomes Farooq Wahab as our new Director of Cybersecurity - vCISO Services, Canada. With over 15 years of dynamic experience in cybersecurity leadership, technology, and compliance, Farooq is set to lead our team in providing top-notch vCISO services to organizations. Farooq has served in leadership roles leading financial services institutions, including Munich Re Group and SGI Insurance. He was the first shared CISO in Canadian Higher Education. In recognition of his services to the profession and for spearheading the adoption of Certified CISO as the Canadian standard, he was awarded the Presidential Award from the EC Council. As the cyber threat landscape evolves with a 15% annual growth rate, having a vCISO leader like Farooq becomes essential. Accorian's Virtual Chief Information Security Officer (vCISO) services ensure your critical systems and sensitive data are safeguarded against increasingly sophisticated cyber threats. With an established presence in the cybersecurity advisory realm, we collaborate with businesses of all sizes to enhance their cybersecurity compliance and offer comprehensive vCISO solutions. To learn more about how our expertise can bolster your organization's security posture, contact us at info@accorian.com or call (732) 443-3468.

View More

Article

ACCORIAN is now CREST Accredited

We super are thrilled to announce that ACCORIAN is now CREST Accredited. CREST is a not-for-profit accreditation and certification body representing the technical information security industry. The CREST Codes of Conduct contain the basic principles that underpin good business practice and ethics, which are all-pervasive. They describe the standards of practice expected of Member Companies and their Consultants and must be observed in parallel with the Code of Ethics. “Accreditation of Accorian is a strong endorsement of its penetration testing team and commitment to robust business processes, data security, and testing methodologies,” said Rowland Johnson, President of CREST. “It also reflects the growing influence of CREST across the Americas and the growing demand for highly-skilled penetration testing services from trusted providers that can demonstrate internationally-recognized, independent validation.” Said Rowland Johnson, President CREST. This accreditation is outcome-focused and concentrates on providing positive outcomes that will benefit and protect clients when achieved. It demonstrates our ability to deliver comprehensive and effective security testing services that meet the most stringent industry standards. Our penetration testers at Accorian are certified and experienced in conducting penetration tests across a client’s entire tech stack, including on-prem & cloud environments. Additionally, they are skilled at conducting adversary simulation tests in the form of red team assessments. The team has a combined experience of working with 500+ clients on 1200+ penetration tests and detection of 25000+ vulnerabilities. Our time-tested and proven penetration testing methodology is built using OSSTMM, OWASP, NIST, and PTES standards. Accorian is an established cybersecurity advisory firm with a global clientele that assists businesses of all sizes in improving their cybersecurity posture through their compliance readiness, audit & penetration testing services, along with meeting long & short-term staffing needs. Our team comprises cybersecurity and IT industry veterans who have held leadership and CXO roles at large global enterprises. Based in New Jersey with regional offices in India, UAE, and Canada, we bring our extensive & diverse experience to our clients. We average over ten years of combined experience in information security & technology as auditors, implementers & testers. Besides penetration testing services, we offer compliance services (readiness and assessment/audit) that include HITRUST, SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA, GDPR, etc.

View More

Article

ACCORIAN Joins Civitas Networks for Health

East Brunswick, NJ, May 12, 2022 - Accorian, today announced it has joined Civitas Networks for Health, the largest national network of its kind. Civitas is comprised of member organizations working to use health information exchange, health data, and multi-stakeholder, cross-sector approaches to improve health. Accorian is a leader in providing cybersecurity and compliance services, with a special focus on the healthcare and health technology industry. We work with our clients reduce their security risks and assist companies of all sizes achieve their necessary cybersecurity compliance(s). As an external HITRUST assessor firm, we have helped companies achieve HITRUST certification along with SOC 2 and ISO certifications. “With Accorian’s focus on heath, becoming a member of Civitas allows us to further that focus with the health collaboratives. We hope to continue working with HIEs to strengthen their security and compliance posture,” said Accorian CEO Premal Parikh. “Civitas Networks for Health is excited to have Accorian join our national network,” said Civitas CEO Lisa Bari. “We are raising the voices of local health collaboratives and those providing critical services to support health transformation. From the secure exchange of life-saving data to the accountability of multi-stakeholder initiatives, our member organizations have built the most trusted, connected, and inventive programs to serve their communities.” About Accorian Accorian is full-service cybersecurity and compliance firm that helps its clients with both security AND compliance. Accorian’s clients range from start-ups to fortune 100 firms. Founded in 2019, Accorian is an external HITRUST assessor and a PCI ASV. To learn more about Accorian please visit www.accorian.com About Civitas Networks for Health Civitas Networks for Health is a mission- and member-driven organization dedicated to using health information exchange, health data and multi-stakeholder, cross-sector approaches to improve health. It was formed in October 2021 with the affiliation of the Strategic Health Information Exchange Collaborative (SHIEC) and the Network for Regional Healthcare Improvement (NRHI). Civitas Networks for Health counts more than one hundred regional and statewide health information exchanges (HIEs), regional health improvement collaboratives (RHICs), quality improvement organizations (QIOs) and all-payer claims databases (APCDs) as well as more than 50 affiliated organizations as members and reaches approximately 95 percent of the United States population. To learn more, please visit www.civitasforhealth.org

View More

Article

We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.

“We are proud of our client, Novus Health Systems, for achieving HITRUST r2 certification. Congratulations.” In today’s ever-changing threat landscape, HITRUST is continually innovating to find new and creative approaches to address challenges, said Jeremy Huval, Chief Innovation Officer, HITRUST. This achievement places Novus in an elite group of organizations worldwide that have earned this certification. Read More

View More

Article

KPI Ninja Earns HITRUST r2 Certification for Information Security

Congratulations to our client KPI Ninja by Health Catalyst on their HITRUST certification! The certification ensures KPI Ninja meets the key compliance requirements included across a wide rang of industry standards and frameworks, and federal and state regulations. Read More

View More

The Accorian Advantage

Accorian’s cybersecurity and compliance teams bring a wealth of experience to help navigate organizations through their information security journey. Our hands-on, white-glove approach combined with a goal-oriented, proven methodology brings both fiscal value and expertise to each of our clients. The facts speak for themselves.

Ready to Start?

We are Qualified

we are qualified
we are qualified

SECURITY COMPLIANCE & ASSESSMENT SERVICES
CONSULTING & ASSESSMENT SERVICES

PENETRATION TESTING

RED TEAM ASSESMENTS

TECHNOLOGY STAFFING

Contact Info

E. info@accorian.com

T. +1-732-443-3468

Contact With Us

Office Address

Accorian Head Office

6,Alvin Ct, East Brunswick, NJ 08816 USA

Accorian Canada

Toronto

Accorian India

401,402, Prestige Towers, Residency Rd., Shanthala Nagar, Ashok Nagar, Bengaluru, Karnataka 560025, India

Shukla CPA, d.b.a Accorian Assurance is a licensed, certified public accounting firm registered with the American Institute of Pubic Accountants (AICPA) and the Public Company Accounting Oversight Board (PCAOB). Esha IT Corp d.b.a Accorian is a global leader in cybersecurity and compliance professional services.

© 2023 Accorian. All Rights Reserved.

Ready to Start?

Drop your CVs to joinourteam@accorian.com

Interested Position

Download Case study

Download SOC2 Guide