Incident Response Pre Planning Return On Investment
I had an interesting conversation the other day with a good friend regarding the merits of having specific incident response plans for common types of incidents. My argument was (is) that by having plans for specific types of incidents thought out in advance and pre-planned (a mail server DoS, for example), you can recover from the incident much faster and lessen the impact of the incident. His counterargument was that writing all those plans and getting them approved is too much work to justify the small amount of time he says would be saved in recovery. After all, you know what you're going to do, right?
What do you think? Is it a small amount of time? Does it depend on the size of the organization? The value of the asset? What criteria do you use to determine what specific scenarios you have written plans for?
Christopher Carboni - Handler On Duty
Happy Birthday, Internet!
It all started 40 years ago today, when a couple of computers were connected by a long gray cable in order to pass some data. The experiment was funded by the Advanced Projects Research Agency (ARPA) and the project was called the ARPANET. By the end of the year, four sites were connected. Today it's hundreds of millions of computers and we call it the Internet. National Geographic has a story and some video here. Wikipedia has a nice timeline for the ARPANET here.
Marcus H. Sachs
Director, SANS Internet Storm Center