1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

BrandPost: When incident response teams mistakenly identify forests for trees

Discussion in 'CSO' started by RSS, Jun 30, 2016.

  1. RSS

    RSS New Member Member

    Tracking down a cyberbreach’s origins is a painstaking process that pays off in the end. As the AT&T report Cybersecurity Insights notes, an incident response plan detailing the participants, processes, and lines of reporting following a serious attack can help mitigate the impact of a breach.

    Incident response also involves an established sequence of steps, and any attempt to rush the process can make a bad situation even worse. When it comes to the actual work, what’s clear is that patience is a virtue.

    But the task is complicated by organizational challenges, where different teams involved in the process can wind up working at cross purposes because of conflicting priorities. While forensic examiners seek to understand how the intruders compromised the network, systems administrators and security executives are more keen on plugging the breach and then getting the enterprise back online as soon as possible. If they take shortcuts, the danger is that valuable clues about the attackers can get destroyed.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page