I’ve heard it said that experience is something you don’t get until just after you need it. Incident response is one of those things. How do you fully prepare for something that you’ve never had to deal with? Well, there are ways, but you have to prepare before the going gets rough.
The best thing you can do is to define what “incident” means, think through the scenarios, and create a plan to flesh out the preparation steps. Of course, making sure you have the right technologies in place to assist with incident response is important as well. Interestingly, way too many organizations are woefully unprepared for security incidents. Not just in terms of technologies but in terms of having a written plan. I’ve seen about 3 businesses with an incident response plan – out of hundreds I’ve consulted with.
To help you get started, here are several new pieces I created for TechTarget on the subject. The first one in the list is about as close as you’re going to get to a comprehensive resource for creating and managing an overall incident response program:
Ultimate guide to incident response and management
Incident response tools: How, when and why to use them
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Remember, when an incident occurs, it’s going to be your testing time. Everyone’s going to be watching to see how you handle things. Why not prepare, in advance, so that you can properly respond rather than simply react?
Check out my additional resources on incident response and I hope this all proves to be helpful for you and your business. If you need assistance with anything incident response-related, reach out to me and I can help.
“A business associate referred our company to Principle Logic when we were seeking a resource to perform vulnerability/penetration testing for our external and internal networks. We found Kevin Beaver to be professional, well informed, and easy to work with. His testing did not disrupt our networks, and his progress updates were timely.
His final report was very thorough and included security recommendations for our network environment. The executive leadership was so impressed with Kevin’s security expertise, they have extended their agreement to continue to perform periodic testing. We highly recommend Kevin Beaver and Principle Logic as a resource for network security testing.”