The term incident response means a lot of things to a lot of people. Historically, words like “unpleasant” or “chaotic” come to mind when thinking about the last time many organizations responded to the suspicion of a compromise by external attackers. Today, for most organizations incident response is a part of their security program but is still primarily a reactive premise centered on a plan or policy document that describes how they should handle such an event.
How do you ensure your incident response plan is optimized to handle the demands of an escalating threat landscape? Is a plan enough?
I recently spent some time talking with the Incident Response experts on my team, our partners, and about 80 customers in CISO roundtable events over the past few months. A clear answer surfaced.
An incident response plan is...