Preparedness for security practitioners is similar to a boxer’s stance: if they’re caught on their heels, they’ll hit the canvas when the inevitable punch connects. The same holds true for the modern-day security warrior. They have to be prepared in case any security incident occurs, not just pre-incident, but post-incident as well.
Incident response is a critical component of any security strategy, but as much as it may seem like that’s common knowledge, too many infosec pros still fail to build out a plan successfully. For those looking to build out an effective incident response plan, it all starts with ensuring you have a good executive sponsor, says Sam McLane, chief technology services officer for Arctic Wolf, a SOC-as-a-service provider.
Communicating the value and effort it takes to develop the plan to a stakeholder in the business can go a long way, so it’s important to have that before you get started, he says.
“If you don’t have that kind of buy-in and if they don’t think it’s important, you’re going to fail,” McLane told InfoSec Insider during a video interview shot at Black Hat, a security conference in the US. Naturally, the next step is to get started on creating the plan and communicating it effectively to all stakeholders in the business, he added.
In the full video interview below, McLane discusses the major dos and don'ts when it comes to incident response, in addition to some misconceptions that some security practitioners may have on the topic.