Why You Need a Concrete Incident Response Plan (Not Strategy)
The State of Security
Recently, I had the privilege to be part of a four-person discussion panel at a security event in London where the topic was about incident response. The panel was hosted by another security professional, and over 50 professionals from the industry were present in the audience.
I’ve worked in information security for 15 years, and I’ve played a part in resolving many security incidents over that time. I learnt quite a few things in the process and understood where technology played an important part.
It should be clear that an organization needs a concrete incident response “plan,” not a strategy. Incident response is a very real thing, and having just a strategy is not sufficient.
The general consensus of the panel implied that any organization, no matter what the size, should have an incident response plan in place – one which should be practiced regularly. It’s no good to write a plan and then not rehearse it. When a real incident takes place, the last thing the organization needs is everyone not knowing what to do next.