ISMG’s Executive Roundtables focus on specific challenges being faced by information security executives in today’s cybersecurity landscape. Moderated by one of ISMG’s Executive Editors and a guest industry expert, Roundtables give cybersecurity professionals the opportunity to discuss threats and controls with a handful of market leaders in an informal setting, from which you will emerge with new ideas and solutions you can immediately put to work to improve your own organization’s defensive posture.
Incident Response 2.0 – Why Timing of IR Actions is Critical
Responding to an incident is a finely balanced process. A mature response to a breach requires setting up a defined timeline and making the right moves at the right time to avoid losing the quarry. This is essential to determine the extent, scope and fallout – and, if one is lucky, the motive – of an incident. While the urge to pull the plug and re-image affected systems is compelling, practitioners worth their salt today know better than to do this.
Timing is everything – starting with containment, then posturing to string the attacker along, followed by eradication of the threat from the environment. Eradicate too soon or too late, and you warn the attackers, who will cover their tracks and try again later, changing their TTPs to accomplish their mission. Each step needs to follow a well-established and rehearsed timeline.
Just as first responders to disasters practice each step of the process, cyber incident responders need to bring the same level of diligence to formulating strategies that minimize impact and time to effective remediation.
If you’re looking for new perspectives on incident response, then join Tom Field for an exclusive roundtable discussion where attendees will tackle such topics as:
- What are the steps to a successful remediation, and in what cadence do these activities need to be executed?
- On which factors should the timeline for each incident response activity be based?
- How do you determine the timing of remediation actions?
- When is it too soon to eradicate and why must you follow the timeline for each process?
- How can you implement an effective eradication plan?
- What are the strategic lessons from each incident, and how can these be cycled back into the security fabric?