Measure and Improve the Maturity of Your Incident Response Team

Incident response and management requires continual growth. Your team will not become proficient overnight, and acquiring knowledge, expertise and maturity takes time, effort, training and a lot of practice. It’s also not a single milestone that you reach and then rest on your laurels. As attackers continue to apply innovative techniques and use new tools, it’s necessary to lay out a development plan to keep up with the ever-evolving threat landscape.


Create an Incident Response Development Plan


Building an incident response team can be a challenging task. Keeping the team relevant and up to date, and making sure it gradually improves and becomes more mature, can be even more difficult. The vast majority of services covered in the FIRST CSIRT Services Framework and the expectations around incident response in RFC2350 make it clear that you cannot do it all at once. So which aspects of your team should you focus on first?


One of the common pitfalls in maturing an incident response team is only focusing on tooling. Naturally, this is an essential aspect of the job, but having a tool set under your belt with no standing guidance on how best to use it to provide repeatable results is a recipe for failure. After all, your constituency and stakeholders expect you to deliver a reliable, qualitative and somewhat predictable service, and that cannot be achieved with ad-hoc solutions only.


Additionally, when you respond to an incident, you’ll often have to work w ..
