It's human nature to procrastinate, especially when people aren't quite sure of the right way to approach a task.
But when it comes to an incident response (IR) plan, the time to develop one is before a security breach occurs. Unfortunately, far too often it takes an incident to trigger planning.
And that, all security pros know, is far from ideal.
Why Do I Need an Incident Response Plan?Having an IR plan in place is a critical part of a successful security program. Its purpose is to establish and test clear measures that an organization could and likely should take to reduce the impact of a breach from external and internal threats.
While not every attack can be prevented, an organization's IR stance should emphasize anticipation, agility, and adaptation, says Chris Morales, head of security analytics at Vectra.
"With a successful incident response program, damage can be mitigated or avoided altogether," Morales says. "Enterprise architecture and systems engineering must be based on the assumption that systems or components have either been compromised or contain undiscovered vulnerabilities that could lead to undetected compromises. Additionally, missions and business functions must continue to operate in the presence of compromise."
The capabilities of an IR program are often measured on the level of an organization's maturity, which defines how proactive an organization is. Companies that are able to map policies to the level of risk appropriate to the business are better prepared in the event of ..
Support the originator by clicking the read the rest link below.
