Incident Response

TWM Associates, Inc. (TWM) reviews incident response polices, processes, and practices, as well as providing specific incident support.

TWM is often called upon to help our customers respond to specific Computer Security Incidents to provide root-cause analysis, collect what is necessary for any potential investigative processes, and to identify where in the organization the incident could have been prevented.

TWM follows a five phase process to respond to and investigate security incidents: Preparation, Identification, Containment, Eradication, Recovery, and Follow-up. In addition, TWM provides continuous improvement through periodic or customer specified review of implemented security controls, improving upon existing standard operating procedures, and by daily monitoring for new vulnerabilities. When needed, TWM proposes future security measures based on strategic visions, and existing funding measures.