Kevin Beaver's Security Blog

How does your incident response program measure up?

I’ve heard it said that experience is something you don’t get until just after you need it. Incident response is one of those things. How do you fully prepare for something that you’ve never had to deal with? Well, there are ways, but you have to prepare before the going gets rough.

The best thing you can do is to define what “incident” means, think through the scenarios, and create a plan to flesh out the preparation steps. Of course, making sure you have the right technologies in place to assist with incident response is important as well. Interestingly, way too many organizations are woefully unprepared for security incidents. Not just in terms of technologies but in terms of having a written plan. I’ve seen about 3 businesses with an incident response plan – out of hundreds I’ve consulted with.

To help you get started, here are several new pieces I created for TechTarget on the subject. The first one in the list about as close as you’re going to get to a comprehensive resource for creating and managing an overall incident response program:

Ultimate guide to incident response and management

Definition: incident response (formerly published at techtarget.com)

Incident response tools: How, when and why to use them

Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

Remember, when an incident occurs, it’s going to be your testing time. Everyone’s going to be watching to see how you handle things. Why not prepare, in advance, so that you can properly respond rather than simply react?

Check out my additional resources on incident response and I hope this all proves to be helpful for you and your business. If you need assistance with anything incident response-related, reach out to me and I can help.