Tag Archives: blog

Back Again

Not that anyone is really paying attention, but the site is fixed and works again. I admittedly was quite a bit lazy in looking into it, but finally spent some time, and the site appears operational again. That means I can start posting content that no one seems to really look at right now. Yeah!!!!!!!!!!!!!!!!

 

DFIR 014 – Continuous IR

Nice little post here on continuous IR, and how it can feed into the program as a whole.

Making Incident Response a Security Program Enabler

The approach an organization can take to move incident response from a reactive process to a proactive one involves the following steps:

– Improving an organization’s incident response capabilities
– Improving an organization’s root cause analysis capabilities
– Improving an organization’s security monitoring capabilities
– Influencing others to see incident response as a continuous process
– Operationalizing incident response information
– Collecting and documenting data for the organization’s incident response metrics
– Analyzing the organization’s incident response metrics to produce intelligence
– Presenting the intelligence to appropriate stakeholders