10 Steps for Early Incident Detection
We’ve all said it before: “When it comes to data breaches, it’s not a matter of IF but WHEN.” As we accept that eventually we’re going to have to respond to incidents, it just makes sense to focus our attention on detecting them earlier and more effectively.
I’ve recently had the pleasure of working with Brian Honan, security expert and founder/head of the Irish Reporting and Information Security Service, on an incident detection paper. According to him, information security is only as good as the response it generates. In order for organizations to ensure a strong response, it is necessary to detect incidents early to minimize the negative impact and project a positive image of the organization’s security posture.
Because potential security incidents can come from numerous different sources, it is important to understand the attack source and adjust your security solutions to match your opponent’s objective. You also need to know what elements to leverage within your organization to ensure early identification of an incident and the appropriate response.
We’ve developed a 10 Steps for Early Incident Detection whitepaper that provides ten effective steps you can take to get early indicators of a security incident. The first five of these are:
- Understand Your Business
- Analyze Your Network Patterns and Behaviors
- Segment Your Information
- Harden Your Systems and Detect Unauthorized Changes
- Monitor and Correlate Your Logs
If I’ve piqued your interest, you can download the 10 Steps for Early Incident Detection whitepaper (registration required) for a complete list of steps that you can utilize to delay the attacker from achieving its goal and respond early and effectively.
We also have two upcoming webcasts where Brian Honan and I will provide a practical step-by-step approach to implementing an early warning system for your organization. Select your preference and register for these live events (they will be recorded in case you miss them):
And to conclude this post on a less serious note, I thought I would include this short video by Javvad Malik on incident response and what NOT to do when you detect an incident.
Match with smoke image via Shutterstock.