The framework presented has been used in both SMB and Enterprise environments. Its focus is on ensuring Security Incidents are handled in a standardized, repeatable, manner. The focus of this presentation is on how to effectively assess and enhance an existing process or implement and maintain a new one. This presentation if focused on the IR portion of the DFIR acronym. It is typically the most neglected part and the most difficult to try to outsource. Put another way, your organization needs to have its act together in advance of a security incident so the process is not being invented during an incident. It is also important to make sure lessons learned during a security incident are put to use.
If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek