Five Mistakes of Incident Response

Contributed by Dr. Anton Chuvakin

All organizations have to care about security incident response! Unlike detection and prevention, the response is impossible to avoid. While it is not uncommon for the organizations to have weak prevention and detection capabilities, response will have to be there since the organization will often be forced into response mode by the attackers (be it the internal abuser, omnipresent ‘script kiddy’ or the elusive ‘uber-hacker’). The organization will likely be made to respond in some way after the incident has occurred.

This article presents five mistakes that companies make regarding security incident response.

This document is in PDF format. To view it click here.