SANS Survey Maturing and Specializing: Incident Response Capabilities Needed
In the past, hackers broke into a system to steal as much data as possible and got out without worrying about detection. Today, however, they have learned to be patient, harvest more data, and cause significant security and financial impact. Because of this, organizations must detect and respond to incidents as quickly, efficiently and accurately as possible.
This whitepaper explores:
- Why many Incident Response (IR) professionals feel their organizations' IR capabilities are ineffective.
- How broad definitions of an incident place a strain on IR teams.
- Why lack of time to review and practice IR procedures is a primary barrier to effective IR.
- How the lack of formalized IR plans and dedicated staff plagues most organizations.
- Reasons why organizations need to implement collection and correlation of threat intelligence.