Does your incident response process lead you in every direction?

Stop what you are doing. Pull out your written Incident Response Process or Plan (if you have one at all). Now, think about this. When is the last time it was physically touched? Is it literally dusty? Does the date on it read one year ago? Two years? Three years or more?


Next, try to remember why you wrote this Incident Response process. Was it to have a checkbox checked for compliance? Did you even write it yourself? Did you inherit this plan from someone else?

Are you suddenly (gasp!) thinking about these outdated IR plans? It's time to revisit them.

Now which one is the IR plan again?

Your Incident Response process should be a living, breathing document, updated as your network, staff, and company change. How effective is a document that has outdated device info, staff names, contact information, etc.? Do you realize that your IT team isn't the only team involved in a proper response? Consider that IT, Legal, HR, Marketing, Executive, the Board of Directors, and more have their own specific role in a true breach.

The new threat landscape

One thing that all mature InfoSec practices now realize is that it's not a matter of if but when their organization will be breached. Preparation is the key to minimizing the damage from an attack or attempted attack.

Defense in layers has been preached for years, and while it is still important, resilience also has to be taken into consideration. Defense and alerting let you find the threat quickly, but resilience is how you recover without missing a beat.

Compliance is important, but it should be an afterthought when proper security is followed. As long as you employ the right security measures, their strength can check the compliance boxes for you.

Incident Response is about more than a plan

Consider that the Incident Response process is less valuable without the proper data to investigate.

An organization must store forensic-quality raw logs to be able to dig back into the past. In addition, there are tools available that help by continuously recording 100% of all activity and visualizing the complete attack kill chain, empowering real-time response and remediation.



Founded in 2000, CIPHER is a global cybersecurity company that delivers highly accredited Managed Security Services and Security Consulting Services with ISO 20000 and ISO 27001, SOC I and SOC II, PCI QSA and PCI ASV certifications. We have received many awards including Best MSSP from Frost & Sullivan for the past five years. These services are supported by the best in class security intelligence lab: CIPHER Intelligence. Our offices are located in North America, Europe, and Latin America with 24×7×365 Security Operations Centers and R&D laboratories, complemented by strategic partners around the globe. 

Our clients consist of Fortune 500 companies, world-renowned enterprises, and government agencies with countless success stories. CIPHER provides organizations with proprietary technologies and specialized services to defend against advanced threats while managing risk and ensuring compliance through innovative solutions. 
