Problem Statement:

While many organisations think they have a plan to manage a cyber event, most are left unprepared and wanting when faced with a cyber event. We have observed this too often and organisations end up:

  • Dispensing a great amount of effort.
  • Incurring high recovery cost for a long period of time.
  • Staff begin to become fatigued and not interested in turning up for work due to the incredible stress involved in recovering from such an event.
  • The organisation takes a credibility hit and feels like it spends most of the time trying to recover from adverse reactions from their supply chain, and total confusion as they try to understand the legal and regulatory requirements of any commercial liabilities because of the event and the worst-case scenario is they can’t bounce back and find themselves out of business.

Service Description:

AUSCSEC’s “Recovery” service ensures we remove the “panic” first and foremost, and ensure a safe pair of hands in directing cyber event resolution activities efficiently and effectively. Time, money, reputation, and your sustainability as a business is at stake. AUSCSEC will bring in a team of expert critical situation managers with over 100 years of joint experience in managing such events.

Our team of experts will take the lead of the situation and work closely with your internal IT teams, vendors and other partners and key stakeholder to resolve the cyber event.

We can bring in a team of technical experts in any technology vertical. AUSCSEC uses the world’s foremost Problem solving and decision-making methodology to navigate out of critical situations.

Post the event, our team will remain on ground to guide Root Cause Analysis (RCA), identify and assist in implementing permanent corrective actions (PCAs) and assist in documenting Final Incident Report (FIR) for your key stakeholders such as your clients, the board, Insurance vendor, and other key supply chain providers.

We will assist in documenting a “Crisis Management plan” with an operating model. AUSCSEC will complete a thorough handover to your nominated individual or team prior to disengagement. AUSCSEC can also provide ongoing mentoring and guidance to your internal IT staff.


  • Improved recovery times.
  • Reduce Cost.
  • Reduce staff fatigue.
  • Comprehensive analysis of the event in identifying root cause.
  • Ensure permanent corrective actions are identified to reduce and prevent downtime from future attacks/events.

Real Life Example:

A large fed gov agency was hit by an unprecedented IT event. The event brought down all its business functions. Citizens, small to large businesses and everyone in between was impacted. Current members of the AUSCSEC team led the recovery operation. Using the afore mentioned Problem solving and decision-making methodology, along with experience forged in operating under stressful situations, we were able to shift discussions, meetings, and tactics from an emotionally charged response to a data driven response. The team was able to chart a clear path of restoration priority, sequence, and scope, ensuring technical resources were used to produce very specific outcomes efficiently and effectively.

Root Cause analysis identified a “hardware bug”, that is only triggered when a very specific set of conditions is met. Our methodology and experience proved yet again the ability to investigate and identify even the rarest of triggers. The team worked with the research and development team of the hardware vendor to remediate the issues through several corrective actions. The team was able to restore services and apply corrective actions to ensure the fault does not occur in the future. The outcome could have been very different had it not been for the AUSCSEC team members leading the investigations.