Through working every day with organizations incident response (IR) teams, I am confronted with the entire spectrum of operational maturity. However, even in the companies with robust IR functions, the rapidly evolving threat landscape, constantly changing best practices, and surplus of available tools make it easy to overlook important steps during planning. As a result, by the time an incident occurs, its too late to improve their foundational procedures.
Broadly put, there are three phases to an IR plan: Preparation, Response, and Post-Incident. In this three-part series, I’ll cover the important steps in each phase that many organizations overlook.
Read more at Security Week