Investigating events and responding to incidents
I think you'd all agree when I say "by failing to prepare, you are preparing to fail" in terms of incident response and investigations. Without adequate response plans, playbooks, and documentation, we're destined to be scrambling without any proper direction when we face a breach, outage, or some other information security event.
We can have incredible software solutions to help identify malicious and risky activity inside our estate, but it's all pointless without an adequate plan for what to respond to and how to respond.
We should begin building our incident response plan by defining what triggers a response. Which types of information security events will lead to a member of your organization investigating or responding?
Not all information security incidents are information security breaches, but all information security breaches are information security incidents...