Do you know what to do if your company experiences a security incident? All too often, you see information on how to prevent breaches through technology, processes, frameworks, and more. Yes, these are all necessary and should be implemented for every organization — no matter the size.
But, after a breach has occurred, what are the next steps? Of course, emotions run high as a result; poor actions and decisions could exacerbate the situation, leading to more harm than good.
To stop this worst-case scenario from becoming reality, you need to be armed with the knowledge to best respond to a security breach. That means getting prepared now.
This is your “for CISO, by CISO” incident response guidebook delivering insight from Acceleration Economy CISO Practitioners Chris Hughes, Rob Wood, and Frank Domizio, all of whom have “been there and done that.” They draw from a wealth of public- and private-sector experiences, taking you through every step of what you need to do after a security breach has happened, including:
- Prioritizing cybersecurity incident response teams
- The 5 “whys” of immediate response
- Communication strategies to keep investigations running smoothly
- The importance of consulting a lawyer
- Using a Responsible, Accountable, Consulted, and Informed (RACI) framework in security incident response
- Why attack-specific threat hunting is critical
- How to stop data loss
- Identifying the difference between primary and secondary impacts
- Guidance on how to think like your adversary
- Preventing future incidents by using regression testing and deception technology