Organizations spend money on Prevention and Detection but most fail in IR.
So, IR has always been one of my favorite topics.
According to the article:
TIPS:
- Know your target data
- Document plans for various scenarios
- Establish a base of operations
- Nominate a single point of contact
- Update and maintain
Incident response is something that is developed and something that changes with the organization over time.
"So they spend all this time, and all this training, and all this education that they've got, and all the money that they invested in parameter defense, and even internal defenses, but they didn't spend a dime on incident response.
Incident response tends to be, in most cases, an ad-hoc thing that's put together as needed; it's almost like a volunteer fire department. The only difference is that the volunteer fire department is properly trained, they have the right processes, [and] they have the right tools."
Unless plans are developed and tested beforehand, these common problems show themselves at the worst possible time: during an actual incident.
"What IT gets right is that they know their infrastructure. They know where their data of value is, they know ingress points [and] they know egress points. It's their network, they understand how it works. What they get wrong is they don't use the working knowledge that they have of the network to understand how an incident would occur."
One of the often-repeated problems with incident response is that organizations rarely understand who is attacking them, what the attacker is looking for, and how the attacker is trying to get it.
Knowing all the routes and access points to the critical data is a must, so that when something happens you can accurately flag the incident and deal with it appropriately.
No matter how good the plan is, it never survives its first real test. Make sure an after-action report is written, and that any mistakes, problems, or failures are learned from. Adjust plans and policies as needed.
The link below has more information: