Benjamin Franklin is quoted as saying by failing to prepare, you are preparing to fail. In many ways, this sentiment is quite accurate when it comes to organizations and the threat of cyber attacks. Preparing for a cyber attack is a critical function that must be taken as seriously as any other aspect of cyber security. Having a solid understanding of the Incident Response Process to build on with an incident response capability can provide organizations with a measure of preparation so that in the event of an incident, they can respond. Keep in mind as we move forward that the forensic techniques, threat intelligence, and reverse engineering are there to assist an organization to get to the end, that is, back up and running. This chapter explored some of the preparation that goes into building an incident response capability. Selecting a team, creating a plan and building the playbooks and the escalation procedures allows an CSIRT to effectively address an incident. The CSIRT and associated plans give structure to the digital forensic techniques to be discussed. This discussion begins with the next chapter where proper evidence handling and documentation is the critical first step in investigating an incident.
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Ukraine
Luxembourg
Estonia
Lithuania
South Korea
Turkey
Switzerland
Colombia
Taiwan
Chile
Norway
Ecuador
Indonesia
New Zealand
Cyprus
Denmark
Finland
Poland
Malta
Czechia
Austria
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Netherlands
Bulgaria
Latvia
South Africa
Malaysia
Japan
Slovakia
Philippines
Mexico
Thailand