The fire department typically has a response plan they can put into use when a building is ablaze, involving equipment, angles to take on the fire, and what to do after the flames have been put out. The same goes for a SWAT team responding to any tactical emergency that warrants their attention, or a public relations agency that steps in when a celebrity or brand is in danger following a controversial event.
When it comes to responding to any particular incident that may cause harm, preparation and planning are essential, and that’s certainly the case as it relates to cybersecurity.
Incident response plans should be put in place not only by major enterprises whose critical assets are in danger of being compromised, but also by smaller businesses that are targeted by cyber criminals on a seemingly daily basis. Incident response has traditionally been seen as a reactive approach to cybersecurity, but that perception is beginning to change.
“[Businesses] are realizing that incident response is a proactive activity,” Brian Hussey, global director of incident response and computer forensics at Trustwave, told Infosec Insider in a recent video interview [below]. “It does need to be integrated with your entire security infrastructure, rather than it just involving forensic experts after a breach occurs.”
For companies, preparing for what could be an inevitable data breach is all in the planning. But that shouldn’t be mistaken for a “set it and forget it” approach when it comes to creating an incident response plan, Hussey said.
“People change, technologies change, networks change, and you need to be constantly updating it,” he said. “It needs to be a live document. Every time something new occurs you need to be able to respond with live updates.”
In this exclusive video interview with Infosec Insider, Hussey discusses the ins and outs of incident response, why it’s important to test your plan and make it a live document, and why staying up to date on evolving threats is critical for security practitioners.