Incident Response: The Gaps

Tips for Effectively Responding to Breaches
To respond to a security incident, an organization must first be aware of it. But too many intrusions go undetected, says Rob Lee of SANS Institute. That's the first problem that needs to be addressed.

"[Organizations] are completely missing the element that they are currently compromised, they were unaware of it, and in some cases these compromises have been going on for months, if not years, before they were finally informed, usually by a third-party entity," says Lee, the curriculum lead and author for digital forensic and incident response training at the SANS Institute. "We're talking about a macroscopic problem," he says.

Beyond intrusions, too few organizations are prepared to respond to today's security incidents, such as external hacks. "Incident response policy is not set in reality," Lee says. "If you go and look at the paperwork, the [policy] is set up more for insider threat-type worries."

Further, organizations typically lack the teams and tools needed to respond to incidents at the scale seen today.

In an interview about incident response, Lee discusses:

  • Why many organizations aren't even aware of security incidents;
  • Incident response essentials that many organizations lack;
  • New training and certifications available from SANS Institute.

Lee is an entrepreneur and consultant in the Washington, D.C. area, specializing in information security, incident response, and digital forensics. He is currently the curriculum lead and author for digital forensic and incident response training at the SANS Institute in addition to owning his own firm. Lee has more than 15 years of experience in computer forensics, vulnerability and exploit discovery, intrusion detection/prevention, and incident response.
