#ISC2CONGRESS: Post-Incident Reviews As Prevention

If there is one thing adversity can teach you, it’s how to avoid bad situations in the future. Or so you would think. But when it comes to incident response, most organizations fail to conduct a post-incident review (PIR) or, when they do, it tends to be ineffective, according to Faranak Firozan, who works in Incident Response for NVIDIA.


As part of the (ISC)² Security Congress 2020, Faranak delivered a presentation on PIR components and goals. She stressed the importance of PIRs in determining the causes of a security incident, its effects and the lessons an organization can learn to strengthen its security posture.


The PIR fulfills three primary objectives – identification, improvement and future protection. Lessons learned about what vulnerability enabled an incident, who and what was affected and the response to the incident are extremely valuable. They provide clues for organizations to strengthen their security postures.


Firozan said a successful review requires certain elements, such as management buy-in, clear end goals, and participation by all relevant stakeholders – not just the teams responsible for security and incident response. Without these elements, organizations may never understand what causes incidents or what tools, policies and practices to put in place to prevent them.


Metrics


A critical piece of any PIR, Firozan said, is the ability to gather metrics, which can be reviewed and tracked to make improvements. Organizations should implement a platform to track metrics and communicate those metrics in understandable terms to company management so that the necessary resources can be allocated.


Metrics, she said, reveal which departments and network components are struggling with security issues so tha ..
