Earlier this year, I spent time helping a company as it responded to a serious security incident. During that engagement, I had the opportunity to witness firsthand how a lack of planning can hamper incident response efforts. My takeaway was simple: Effective incident response requires proper preparedness.
While that sounds like a common-sense conclusion, the stark reality is that many organizations simply don’t have a solid incident response capability, and that fundamental gap limits their ability to even determine whether they’ve been compromised.
Here are five steps to building an effective IR plan — before a cyberattack occurs.