Stay Calm, Your Incident Response Is Ready


Historically speaking, having a plan of attack has gotten a bad rap.


Helmuth von Moltke the Elder, who famously said, “No plan survives contact with the enemy,” shared that sentiment with a predecessor in war, Napoleon Bonaparte, who said, “I never had a plan of operations.” Eisenhower warmed up to planning a bit: “In preparing for battle, I have always found plans useless, but planning indispensable.” Legendary management consultant Peter Drucker is widely quoted as having said, “Plans are only good intentions unless they immediately degenerate into hard work.”


Fortunately, planning continues to have some value for the rest of us, and our troops and first responders are spending as much time drilling as they spend responding to events. Of course, this applies to our line of work as well. Like many business processes, incident response is often addressed by evoking a virtuous cycle: prepare, detect, contain, eradicate, recover and improve.


To respond to incidents effectively, we need to have a dynamic, adaptable plan that we are well-prepared to execute. The detection, containment and eradication phases typically get the most attention. The process starts with assessments, such as the 2019 Cost of a Data Breach Report, and naturally leads to an inspection of organization preparedness across industries. There are many ways to prepare the technical steps needed to contain and eradicate an attack once it is detected, including one of my favorite new tactics: the cyber range.


It’s also worthwhile to plan our responses to the non-technical aspects of incidents. Being prepared in advance to take timely, prudent steps to contain p ..
