Wednesday, April 23, 2014

Knee Jerk Reaction

One of the most unfortunate mistakes I’ve seen in enterprise security operations is the knee jerk reaction. When something goes wrong, there is overwhelming pressure to do something -- anything. In the absence of experience, this can sometimes lead to a dizzying array of reactive activities. For example, after a breach notification, one of the biggest mistakes I’ve seen organizations make is to begin running off in dozens of unfocused and uncoordinated directions. Although action clearly needs to be taken, it would be better to perform incident response in a structured, organized, and professional manner.

A better approach than the knee jerk reaction is to keep calm and be prepared. Have the people, process, and technology in place ahead of time to perform incident response rapidly, smoothly, and efficiently when the need arises.

People: Build and train a strong team of analytical, responsive, and professional individuals. Put the right leadership in place. Have an agreement in place for surge support/incident response support ahead of time, so that precious time isn’t wasted getting these agreements set up during a breach response.

Process: Have a mature incident response process at the strategic, tactical, and operational levels. Ensure that team members at all levels are intimately familiar with the process and able to communicate progression through the process during incident response.

Technology: Remember that incident response is first and foremost dependent on the ability to interrogate the data rapidly and assess damage quickly. Put the right technology in place for this purpose ahead of time -- covering both collection and analysis.

Rash decisions are seldom the right decisions. It’s more helpful to be prepared to perform incident response with the right people, process, and technology. That is the only way an organization can be in a position to calmly make rational, fact-based, and accurate decisions during a breach response.
