Incident Response: The Gaps

Tips for Improving How Organizations React to Breaches

By , April 12, 2012.

To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

"[Organizations] are completely missing the element that they are currently compromised, they were unaware of it, and in some cases these compromises have been going on for months, if not years, before they were finally informed, usually by a third-party entity," says Lee, the curriculum lead and author for digital forensic and incident response training at the SANS Institute. "We're talking about a macroscopic problem," he says.

Beyond intrusions, too few organizations are prepared to respond to today's security incidents, such as external hacks. "Incident response policy is not set in reality," Lee says. "If you go and look at the paperwork, the [policy] is set up more for insider threat-type worries."

Further, organizations typically don't have the proper teams and tools to respond to incidents on the scale we see them today.

In an interview about incident response, Lee discusses:

  • Why many organizations aren't even aware of security incidents;
  • Incident response essentials that many organizations lack;
  • New training and certifications available from SANS Institute.

Lee is an entrepreneur and consultant in the Washington, D.C. area, specializing in information security, incident response, and digital forensics. He is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Lee has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response.

Follow Tom Field on Twitter: @SecurityEditor
