Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another security professional, and over 50 professionals from the industry were present in the audience.
I’ve worked in information security for 15 years, and I’ve played a part in resolving many security incidents over that time. I learnt quite a few things in the process and understood where technology played an important part.
It should be clear that an organization needs a concrete incident response “plan,” not a strategy. Incident response is a very real thing, and having just a strategy is not sufficient.
The general consensus of the panel implied that any organization, no matter what the size, should have an incident response plan in place – one which should be practiced regularly. It’s no good to write a plan and then not rehearse it. When a real incident takes place, the last thing the organization needs is everyone not knowing what to do next.
I experienced this once when I was asked to step in and help with an incident response for a client I was seconded to many years ago. A breach had occurred, and I went to a war room that had been set up. There was no clear leadership, and everyone was trying to tell each other their take and opinion on what happened and what to do next. I took charge, identified the relevant stakeholders in the room and on the call to ensure we had the right people and asked for the facts. As the incident unfolded, it then became clear what needed to be done and who needed to do it, but up to that point, it had been chaos! This (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Paul Norris. Read the original post at: https://www.tripwire.com/state-of-security/risk-based-security-for-executives/concrete-incident-response-plan-strategy/