Security SIG: Strategic Considerations in Incident Response



  • Topic: Strategic Considerations in Incident Response 

    Much has been written about the manner in which organizations of all sizes should prepare themselves for critical incidents. For many companies, these incidents quickly reveal even the most minor shortcomings in planning, talent, leadership and execution. When suddenly faced with a malware infection, data breach or internal incident related to fraud or misconduct, companies must deal with a multitude of exposures: financial, legal, operational, political and reputational. When planning for these types of responses, details matter.

    The discussion will address several emerging issues related to critical incidents:

    The “Maginot Effect” and how it works itself into even the most well conceived response plans. In short, is your organization preparing for the next incident or the last one? Are “lessons learned” actually “lessons lost?” Are you partnering with the right people in your organization to help prepare you for the next threat or incident?

    Capabilities: Whether it is Zero Day or Day 1, can your team actually do what you think they can do? Why is it imperative that your team get into the “weeds” from an operational, technical and human perspective when you plan for incident response? What types of questions about your resources, funding, talent and equipment should you be answering long before an emergent situation presents itself? For example, have you considered the role that forensics will need to play in your incident response efforts?

    Risk Assessment: How bad can it get? What role do the dynamic threats in your environment play in your planning? What types of internal and external risks are you missing? This session will utilize recent, real life examples of actual incident response projects that the presenter has led in both large and small organizations. We will discuss the details of some of the more common surprises that organizations have been faced with during these incidents, and what they did about it during and after the incident.


    6:30pm - 7:00pm - Registration

    7:00pm - 8:30pm - Presentation