SANS Digital Forensics and Incident Response Blog: Tag - Security Program

The Big Picture of the Security Incident Cycle

What is the relation of incident response (IR) to other information security disciplines, such as intrusion detection, penetration testing, application security and network defense? These teams operate as part of an overall incident cycle that ties disparate security specialists together. The cycle consists of 4 major phases: Plan, Resist, Detect and Respond. Let's take a look at the cycle and explore ways in which organizations often fail at navigating it.

The Security Incident Cycle Flow

Speaking at the US Digital Forensic and Incident Response Summit 2010, Richard Bejtlich discussed the topic of CIRT-Level Response to Advanced Persistent Threat. His talk focused on the unique challenges of handling APT incidents that span years, not days. The