Incident Response Test

Through a simulated attack, clients are able to see the strengths and weaknesses of their incident response program.

The Incident Response Test simulates a real-world incident by pairing evaluations of incident response security controls with active testing. SecureState simulates an attacker attempting to gain remote or local access to your company's network and systems. SecureState Incident Response team members review your existing documentation and monitor security responses to the attacks, then illustrate opportunities for improving detection, alerting, and response capabilities.


Regular testing of an organization’s incident response capabilities is crucial to ensuring that existing procedures are effective and that personnel are prepared to execute them. Incident response testing consists of multiple parts: a penetration test to simulate real-world attack activity, interviews with and observation of information security and response staff, and review of incident response documentation. Together, all of these data points are used to highlight strengths, weaknesses, and opportunities to streamline and improve incident response and investigations.


Your testing will be performed by a member of SecureState’s Incident Response team: professionals who have provided incident handling techniques, response, and forensic investigations for government and military organizations and Fortune 100 companies. Our broad range of cross-industry experience allows us to identify what risks may be present in under-developed incident response programs as well as to suggest the next steps that will help your organization gain visibility on your networks and act faster in the event of a security risk.

Approach and Methodology

An Incident Response Test is designed to assess how well an organization’s Incident Response Team or technical IT staff respond to an attack against the company’s network, infrastructure and sensitive data. The IR Test is designed to evaluate the maturity of your organization’s incident response program across five domains using Carnegie Mellon’s Capability Maturity Model Integration, or CMMI. SecureState uses the CMMI as a framework for control evaluation to assess current IR documentation, security controls and the effectiveness of those controls.

An Incident Response Test goes beyond traditional table-top exercises by evaluating real-time responses to live attacks against the client’s systems. SecureState will begin with a review of any applicable documentation, from ad-hoc incident handling procedures to defined incident response plans. Whether the assessment is held on-site at your company’s location or remotely, SecureState will interview your incident response and security personnel to determine what security controls are currently in place.

Then, when the simulated attack begins, SecureState will continue to interface with incident response personnel, review alerts and logs that are generated, and observe your company’s response procedures. This multi-phased approach allows SecureState to validate that incident response documentation and technical controls (i.e. alerting) are implemented properly and functioning as expected.
