The absolute worst time to develop a breach response plan is directly after you have discovered a breach. The absolute best way to have your team fail at responding is to not have them trained with well-practiced procedures and have them be overly reliant on expensive, improperly configured technology. Strike, strike, strike. It is proven that people perform at their very worst in these exact conditions, making the task of recovery and root-cause analysis even more challenging.
See Also: Secure Access in a Hybrid IT World
This session will discuss a simple framework (that attendees will be able to take away and adapt for their own organizations) with which an effective response procedure can be created and practiced. By focusing on the people/process functions more than technology when an attack is identified, a measured practiced response can be smoothly executed, providing the best possible path to remediate, recover and potentially even retaliate. Now wouldn't that be nice?