When performing incident response, focus is extremely important. A significant incident can produce innumerable leads and avenues to investigate. Unfortunately, not all of these leads/avenues are productive ones. Choosing poorly can have the unintended consequence of locking up resources for days while producing very little value-added analysis. It is often difficult to know which direction or directions to go in analytically. In my experience, senior members of the incident response team, who base recommendations on past experiences, lessons learned, and day to day familiarity with the network and its data have good advice to offer here. That being the case, I've always wondered why management ends up driving high profile incidents. It's a bit of a wonder if you think about it....
Monday, October 22, 2012
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment