The detect and respond phase of KPMG’s Cyber Security Framework is about the response to and investigation of cyber attacks.
KPMG’s Cyber Response and Investigations teams work closely with clients to detect, contain and recover from cyber attacks; once this has been done, the teams investigate the origin of the attacks. Our digital forensic teams can provide a reliable, end-to-end digital forensic and expert witness services, from investigation strategy and planning, scoping and collection to analysis and presentation of material to court.
What’s on your mind?
- Are there malicious insiders in my organization, abusing their position and system access for any illegal purposes?
- How do I determine whether I’m subject to sophisticated attacks from criminal gangs, competitors or nation states?
- Is it possible to recover from Internet worms or malware that take over workstations and systems?
- What should we do if we don’t have the full capability to respond to a cyber attack?
- How do I determine and prove the course of events of an attack?
- How do I prove the integrity and provenance of electronic data being used in investigative or litigation proceedings?
KPMG member firms can provide deep technical expertise to help you respond to and investigate sophisticated cyber attacks. Our services include:
- Cyber attack detection through network monitoring and sophisticated data analytics
- Rapid response teams to contain, manage and recover from current cyber attacks, including rapid preservation of data for evidential purposes
- Advanced digital forensics capability to gather, preserve and interpret large data sets, deleted or ephemeral data in order to prove a chain of events
- Investigation into and reporting on cyber attacks for evidential or insurance purposes
- Expert witness services
- Advanced training and cyber response capability development