Incident Response Management: IR Handling
Incident Response Handling
Incident Response Handling focuses on the actions and efforts required to effectively respond to an incident after it has been confirmed. This includes coordinating among local, state, and federal partners and assisting PSUs in performing the technical and business recovery steps.
Service Description
The state provides subject matter experts, resources, and assistance in various forms ranging from consultation and guidance, to deployment of the N.C. Joint Cyber Security Task Force to assist as needed. Incidents should be reported even if your agency is not requesting assistance.
Program Services & Resources
NCDIT Cyber Incident Management via N.C. Joint Cyber Security Task Force
Key Benefits
Incident response – This includes conducting forensics to identify root-cause, damage assessment and mitigation, and coordination with law enforcement activities as needed. Lastly, it includes information-sharing of indicators of compromise.
Recovery response – This effort could include establishing best practice recovery methods, system hardening, restoration of services and infrastructure rebuild.
Context Note
Please keep in mind that every incident may not necessitate a full-scale response from a group as robust as the NCJCTF. Depending on the impact and severity of said incident, an appropriate response could be to reach out to NCDPI, MCNC, Friday Institute, and/or any of the other proactive-oriented organizations. If you are not sure what level of reaction is appropriate, we recommend reaching out to the JCTF to start.
Cost to PSUs
No cost – funded by NCDIT
PSU Time Commitment
Upfront/Setup: N/A
Ongoing: Varies depending on the severity of the cyber incident
How to get this service
Report cybersecurity incidents to the N.C. Joint Cyber Security Task Force by contacting the N.C. Emergency Management 24-Hour Watch Center, at NCEOC@ncdps.gov or at 1-800-858-0368
Key Resources
