We are constantly told that there are two kinds of businesses – one that has been breached and one that will be. If a breach is inevitable, why do we spend so much money on prevention and very little on detection and response when an Incident Response Plan may be your saving grace.
Prevention, Detection & Response
It seems that there is an imbalance between prevention, detection and response for many companies. Admittedly, getting funding for writing policies and procedures for Incident Response is a lot more difficult than a shiny new firewall that has lots of blinking LEDs. Besides, implementing firewalls, web application filters, and that fancy port access system you just acquired, are just plain fun to play around with – who wants to write documentation anyway?
I do, actually
It’s time for a shift in thinking. Having a plan to know what to do when an incident occurs must be top priority – especially if the InfoSec pundits are right about everyone eventually getting breached. The ability to detect incidents is obviously a prerequisite to having an incident response plan. In my next post, I will talk about why many companies don’t have the visibility they think they do when it comes to detecting incidents.
If you need some help putting together an Incident Response Plan, Peters & Associates can help you put together the basics quickly and also guide you through establishing a long-term strategy. Contact us to speak with one of our security solution experts at firstname.lastname@example.org or 630.832.0075.