Incident Investigation
Do not just find the culprit; eliminate the cause as well
Project objectives
Determining the real consequences of an incident
Establishing the causes of the incident and the perpetrators
Taking measures to prevent the recurrence of such incidents
ASP Labs' practice
Case 1
ASP Labs investigated a serious leak from the organization and collected evidence identifying the culprit.
During the investigation, vulnerabilities in the organization's security system were identified, through which the incident had been carried out.

As a result, the client received recommendations on eliminating vulnerabilities, as well as an evidence base for bringing charges against the violator.
Case 2
ASP Labs specialists were brought in to investigate strange outages in the control system of an electrical substation. Suspicion fell on a company providing remote technical support, but the investigation showed that it was not at fault.
The outages were traced to the way the unit was connected, which was a serious violation of information security: it was connected directly to the Internet, and support was provided through TeamViewer.

As a result, the client corrected the violations, and the integrated solution "Arkan" was used, including for logging.
