Incident Response Intake Form
Please complete the fields below and provide as much detail as possible.
What is the nature of your request today?
Organization experiencing a cyber security incident or breach
Other
Organization Information (Experiencing the Incident)
Please provide details:
Full Legal Name of Organization
Street Address
Street Address (2)
City
State
Zipcode
Primary Contact First Name
Primary Contact Last Name
Primary Contact Title
Primary Phone
Primary Email Address
Website
Organization Specifics
Please provide details:
Year Established
Industry Sector
Number of Employees/Members
Number of Workstations
Number of Laptops
Number of Servers (Physical)
Number of Servers (Virtual)
Number of IT Staff
Number of Security Staff
PLEASE COMPLETE AS MUCH OF THE INFORMATION BELOW AS POSSIBLE. THIS WILL ALLOW US TO BETTER ASSESS YOUR CURRENT ENVIRONMENT AND THE INCIDENT OR BREACH.
Please describe the incident or breach in as much detail as possible:
Please provide a timeline of events:
Please provide a list of actions that have been taken so far:
What are your current priorities for restoration of business applications (provide an ordered list if possible)?
Cyber Security Questionnaire
Please provide details:
Do you have Endpoint Detection & Response including Next Generation Anti-Virus on all endpoints?
Do you have Managed Detection & Response in place for all sources of active detection?
Do you have Advanced Email Protection for O365/Gsuite as well as your cloud-based collaboration platforms, including pre- and post-delivery protection, URL and attachment sandboxing, anti-malware scanning, data loss prevention, and encryption?
Do you have MFA Implemented for all users?
Do you have MFA Implemented for all remote access/3rd party applications?
Do you have application whitelisting/safelisting enabled for all workstations and servers?
Do you use a zero trust network access solution to control remote access?
Do you have PAM Implemented for all privileged accounts?
Do you have a password manager implemented for all users?
Do you have Zero Trust Segmentation implemented for all endpoints?
Do you have Single Sign On enabled and configured for all 3rd party applications?
Do you have at-rest encryption enabled for all endpoints/devices?
Do you have a formal patch management program in place, informed by critical security and vulnerability data, that applies patches within 30 days?
Do you have an immutable backup strategy (3+ backup sources covering all systems/data, at least one offline/inaccessible from the network where the systems/data reside)?
Do you have a Vulnerability Management program which performs scans at least bi-weekly?
Do you have a log resilience/centralization platform (such as a SIEM)?
Do you have a mobile device management solution implemented for all related devices?
Do you have a written cyber security program in place which aligns with regulatory requirements and/or industry standards (NIST, CIS, etc)?
Do you have Next Generation Firewalls at all locations (including inbound/outbound proxy, threat detection, DoS protection, etc)?
Cyber Liability Insurance Questionnaire
Please provide details:
What coverage limit is required?
Do you currently have cyber liability insurance?
What is the existing coverage limit?
Who is the incumbent insurance carrier?
When is the renewal date for this policy?
Have you received an offer for renewal?
Do you have segregation of duties and business controls in place for outgoing payments/funds transfers?
Please list the dates and provide details (ransomware, business email compromise, data loss, etc.) of any incidents or cyber insurance claims which occurred in the last 5 years.
DFIR Questionnaire - Insurance Information
Please provide details:
Insurance Carrier
Claim ID#
Claim Manager Name
Claim Manager Email Address
Claim Manager Phone Number
DFIR Questionnaire - Company Background
Please provide details:
High Level Details
General Description of Environment
Headquarters Location
Office + Datacenter Locations
Where is the IT Staff Located
DFIR Questionnaire - Incident Background
Please provide details:
Ransomware Variant?
Ransom Note Found?
Has there been any communication with the threat actor?
Initial Ransom Demand?
Earliest Known Date of Impact?
What is the earliest evidence of compromise identified so far (if known)?
Has the decryption utility been acquired?
Any knowledge of exfiltration?
What is the scope of the infection/ransom?
Any previous knowledge of the infection (Ransomware, Malware/BEC/etc)?
DFIR Questionnaire - Assets
Please provide details:
Do you have an IT asset list?
Any web services or cloud services to be aware of?
Business critical servers and applications?
Any legacy operating systems?
What kind of network devices are in the environment?
Are systems bootable?
What technologies are used for managing assets and pushing out software/patches/etc?
Are all devices patched and up to date?
Do employees work remotely?
Do employees utilize their own devices?
Who is your firewall vendor?
Any logs being retained and for how long?
Is there an existing XDR/MDR or AV solution in place?
DFIR Questionnaire - Backups
Please provide details:
Do you have any backups?
Backup Vendor Name?
Type of backups (tape, cloud, on premise)?
Full image/system backups?
Is the backup server domain joined?
How far back do they go?
When was the last time you restored and tested backups?
SAN Solution (Nimble, HPE, Dell EMC, NetApp):
Were snapshots enabled and if so have they been disabled?
Is Active Directory working?
AD Architecture (forests, domains, trusts, Azure AD):
If Azure AD is in play, what is in Azure vs. on-premises, and is password writeback enabled to keep Azure AD passwords synced with on-premises AD?
Number of Domain Controllers:
Domain Controller Server Name(s):
DFIR Questionnaire - Email
Please provide details:
Email Vendor:
Where does email authenticate?
MFA required?
DFIR Questionnaire - Remote Access
Please provide details:
Remote Access Vendor:
MFA required?
Are authentication logs available?
How far back?
Is Cyber Liability Insurance currently in place?
Yes (Cyber Liability Insurance Policy)
Yes (Cyber Liability Rider ONLY)
No
Unsure
If cyber insurance outcomes are desired and a workshop is required, please request an appointment below.
Appointment
Are you submitting this request on behalf of another organization?
Yes
No
Submitter Name
First Name
Last Name
Submitter Organization
Submitter Email
Date Submitted