TRENDING:

Incident Response: The Gaps

Tips for Effectively Responding to Breaches Tom Field (SecurityEditor) • April 16, 2012     10 Minutes   
To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

"[Organizations] are completely missing the element that they are currently compromised, they were unaware of it, and in some cases these compromises have been going on for months, if not years, before they were finally informed, usually by a third-party entity," says Lee, the curriculum lead and author for digital forensic and incident response training at the SANS Institute. "We're talking about a macroscopic problem," he says.

Beyond intrusions, too few organizations are prepared to respond to today's security incidents, such as external hacks. "Incident response policy is not set in reality," Lee says. "If you go and look at the paperwork, the [policy] is set up more for insider threat-type worries."

Further, organizations typically don't have the proper teams and tools to respond to incidents on the scale we see them today.

In an interview about incident response, Lee discusses:

  • Why many organizations aren't even aware of security incidents;
    • Incident response essentials that many organizations lack;
  • New training and certifications available from SANS Institute.

Lee is an entrepreneur and consultant in the Washington, D.C. area, specializing in information security, incident response, and digital forensics. He is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Lee has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response.

Previous
Heartland CEO on Breach Response
Next
Identifying Undetected Breaches



Around the Network

Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare
Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Properly Vetting AI Before It's Deployed in Healthcare
Properly Vetting AI Before It's Deployed in Healthcare
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.