Booz Allen Incident Response retainer

PRE-PAID IR RETAINER PACKAGES

**Platinum **

• Hours – 150 Included in the cost of the retainer to the client • 2-hour Phone Response • 24 hours boots on the ground (U.S.)

**Gold **

• Hours – 115 Included in the cost of the retainer to the client • 4-hour Phone Response • 24 hours boots on the ground (U.S.) **

Silver

• Hours – 60 Included in the cost of the retainer to the client • 6-hour Phone Response • 48 hours boots on the ground (U.S.)

SERVICES

Recovery, Rebuild and Remediation Services • Removal of malicious threats from the network. Provide experts to augment or lead remediation and recovery efforts onsite after an encryption event.

Advanced Threat Analysis • Threat analysis by skilled analysts with extensive experience dealing with advanced threat actors, including highly sophisticated cyber criminal groups and nation states.

Digital Evidence Collection and Management • Provide proper collection and management of digital evidence for investigation purposes. Includes both short and long-term evidence storage, and the maintenance of an evidence chain of custody.

Crisis & Incident Management • Coordinate non-technical incident management to help ensure smooth business operations across the enterprise for business units or other stakeholders impacted by the incident.

Malware Reverse Engineering • The reversal of bundled code or binaries extracted from the environment will be performed to determine code functionality, additional indicators associated with the malware family and investigation effort, or other pertinent information.

Digital Forensic Investigation • Independent investigation of an intrusion for the purposes of improving future responses or providing an independent assessment under privilege for litigation support and compliance purposes.

**Threat Actor Negotiation Services ** • Comprehensive threat actor negotiation services developed by experienced former federal law enforcement personnel and seasoned threat intelligence analysists.

Post-Mortem Assessment • A performance review of the incident response and the incorporation of any lessons learned into your incident response plans and playbooks.

Booz Allen has an established a 24x7x365 phone line at +1 888-266-9478 (USA/Canada/global) or +44 808 296 8080 (UK/EU) for your convenience. Call this number to leave a message for the incident response team. You can also email the team at incident_response@bah.com .

EARLY-STAGE RECONNAISSANCE Client contacts Booz Allen's IR Hotline Callback within Service Level Agreement Identify Scope and Support Logistics (Onsite / Remote)

INITIAL COMPROMISE Initial Consultation and Document Historical Observations Designate Central POC: Define Roles and Responsibilities Establish Ops Tempo

DETECTION & ANALYSIS Evidence Collection and Chain of Custody Documentation Log Analysis & Database Forensics Host, Network, Cloud and Mobile Device Forensic Analysis

REMEDIATION & RECOVERY Validate Containment and Eradication through Hunt Identify and Implement Early-Stage Hardening Measures Document IOCs and Actions for Future-State Activities

REPORTING CADENCE & DELIVERABLES Daily Executive Status Briefings Data Collection & Analysis Tracker Updates Executive Summary & In-Depth Investigative Reporting

ONBOARDING Easy Onboarding options for clients

PROACTIVE SERVICES Assessments are used as tools to evaluate Current State readiness and define Target State capability. TEAM Framework. Control Group Families: Technology, Expertise, Associations, Mechanisms. Maps best for NIST CSF, NIST SP 800-53, ISO 27001/2 type assessments.

RESILIENCE Looking at disruptive events beyond cyber by asking: “what is impact to organization, regardless of type?