Five Mistakes of Incident Response

by Dr. Anton Chuvakin Oct. 1, 2017 via Infosecwriters

All organizations have to care about security incident response! Unlike detection and prevention, response is impossible to avoid. While it is not uncommon for organizations to have weak prevention and detection capabilities, response has to be there, since the organization will often be forced into response mode by attackers (be it the internal abuser, the omnipresent ‘script kiddie’ or the elusive ‘uber-hacker’). The organization will likely be made to respond in some way after an incident has occurred.