Thales Service Definition for Cyber Incident Response - Critical Thales Service Definition for Cyber Incident Response - Critical for Cloud Services April 2014 Page 1 of 7
Thales Service Definition for Cyber Incident Response - Critical CONTENT Page No. Introduction... 3 Overview of Service... 3 Critical... 3 Thales Critical Approach... 4 Our People... 4 Why Thales?... 4 About Thales... 5 Pricing... 5 Terms and Conditions... 5 Contact... 6 Page 2 of 7
Thales Service Definition for Cyber Incident Response - Critical Introduction Overview of Service Our Critical package is a defined, fixed price Cyber incident response service which focuses on the critically important first few hours after the discovery of a cyber incident. During this time, it is likely that you will need to make some essential decisions in order to minimize the impact of an incident on your organisation. We will ensure you are able make informed decisions in a timely manner by providing you with the right information and advice at the right time. The Critical service differs from the other Thales Cyber Incident Response services, offering an immediate response to our customers, ensuring that we provide critical support within 24 hours from the start of the incident. We have a dedicated Cyber hotline which is available 24 hours a day, seven days a week, giving you cyber incident response specialists whenever you need them. Thales Cyber Critical service is specifically designed to: Identify - Types and extent of cyber incident(s) that you are suffering from. Minimise - The impact of an incident on your organisation. Recommend - Most appropriate action plan to recover from the incident. Manage - Execute the action plan. Resolve The incident or produce a report with remediation actions. Return - Your business to normal working in the most cost effective manner. Stop - The incident from recurring. Critical Our Critical package is designed to make it quicker and easier for you to get an immediate specialist response you need to deal with an incident. It recognises the critical nature of this phase, acknowledging that if appropriate decisions and actions are not taken during this period, then your organisation may suffer from irreparable damage. During this phase, your dedicated Cyber Incident Response Manager (CIRM) and the Cyber Incident Response Team (CIRT) will work with you to investigate the extent of the incident while providing advice and regular updates on progress. We can have at least one of our incident response team members to your site within 24 hours. If we can resolve the incident within hours, we will. If not, our reporting will outline the most appropriate action plan required to get you back to business as usual using the approach listed below.. Page 3 of 7
Thales Service Definition for Cyber Incident Response - Critical You will receive regular updates on progress throughout the day and we will offer advice on stakeholder management. If required during this phase, we can deploy state-of-the-art automated malware analysis and digital forensics solutions from our strategic partners FireEye and Guidance Software. Thales Critical Approach Those first few hours after discovery of a cyber incident are critical. Our priority is to identify whether you have suffered from a cyber incident as soon as possible. We accept that during an incident, the scope and impact often cannot be fully understood or defined. The process below outlines the Thales approach to delivering tangible results. During Critical, we will aim to get as far as we can through this process. Our People We have a dedicated team of expert cyber incident responders. They have a wealth of invaluable experience including criminal investigations and mitigating state sponsored attacks on commercial and Government organisations. Our incident response teams are professionally trained with numerous qualifications including certification for the tools used in a response such as FireEye and Guidance Software solutions. The Thales Cyber Incident Response (CIR) team is led by former Police Hi-tech Crime Unit manager with many years of experience in managing serious cyber crime investigations. He is supported by the wider team of cyber specialists, many of whom possess industry standard qualifications and certifications, including CREST Registered Testers (CREST), CESG Listed Advisor Scheme (CLAS), Forensic Investigators, Incident Responders, Certified Information Systems Security professional (CISSP), CESG Certified Professional (CCP), Network Architects, Security Architects and ISO27001 Lead Auditors. Why Thales? Thales has both the breadth and depth of experience to manage any cyber incident and get you back to business as usual, whatever your business or industry sector. We have specialist experience in supporting Defence and UK Critical National Infrastructure (CNI), including Transport, Energy, Water and Nuclear sectors. Page 4 of 7
Thales Service Definition for Cyber Incident Response - Critical Within these sectors we have a wealth of experience in Industrial Control Systems (ICS) and System Control and Data Acquisition (SCADA). We use state-of-the-art tools from FireEye and Guidance Software to ensure that your incident is dealt with quickly and effectively. We have the experience and security clearances necessary to handle the most sensitive data, networks and technology. We have the subject matter and domain expertise to understand your business and focus effort on the information you really need to protect. We will provide post-incident support to make sure your business is in the strongest position to prevent future incidents. We are an approved supplier of cyber security services to HMG, and we are trusted to secure over 80% of the world s financial transactions. We are a trusted Cyber Security practitioner with a global network of over 1,500 accredited cyber and encryption specialists building upon 40 years of experience. We can pull through capabilities from our industry partners and the global Thales Group to ensure maximum service availability. About Thales Thales is a global technology leader in the Aerospace, Transportation and Defence & Security markets. In 2013, the company generated revenues of 14.2 billion with 65,000 employees in 56 countries. With its 25,000 engineers and researchers, Thales has a unique capability to design, develop and deploy equipment, systems and services that meet the most complex security requirements. Thales has an exceptional international footprint, with operations around the world working with customers and local partners. Pricing Thales Critical Service is a defined, fixed price service which enables your organisation identify critical incidents. Our Service is a cost effective one off fee of 10,000 and ensures we get a specialist to your organisation within 24 hours. Please refer to the individual rate cards and pricing schedules for further details on pricing information. Terms and Conditions Please see the individual terms and conditions card for further information on our Terms and Conditions. Page 5 of 7
Thales Service Definition for Cyber Incident Response - Critical Contact To discuss or speak to Thales about our Gateway cloud services, we would be delighted to hear from you. We can be contacted on: thalesg cloud5@uk.thalesgroup.com Page 6 of 7