Invest and practice: Grant Oviatt, director of incident-response engagements at Red Canary, lays out the key building blocks for effective IR.
The COVID-19 pandemic has highlighted the pressing need for security organizations to implement a structured, detailed and well-practiced incident-response plan. While the walls of organizations have extended from corporate offices to employee living rooms, security-control effectiveness has attenuated over a workforce of home networks and unmanaged assets.
To add insult to injury, ransomware operators have opportunistically jumped into action to capitalize on this expanded organizational footprint. The combination of increased threat activity and reduced visibility makes it vital for organizations to invest the time in developing an effective incident-response plan, one that reduces business impact in the event of a significant compromise.
To that end, let’s discuss the key building blocks for creating and testing an effective incident-response plan.
Key Building Blocks for Effective Incident Response
The main goal of an incident-response plan is, of course, to minimize business and operational impacts from a security incident. While of critical importance to an overall security program, IR plans extend beyond developing effective security monitoring to keep threats at bay, like increasing security operations center (SOC) automation and alert