Not that anyone is really paying attention, but the site is fixed and works again. I admittedly was quite a bit lazy in looking into it, but finally spent some time, and the site appears operational again. That means I can start posting content that no one seems to really look at right now. Yeah!!!!!!!!!!!!!!!!
Nice little post here on continuous IR, and how it can feed into the program as a whole.
Making Incident Response a Security Program Enabler
The approach an organization can take to take incident response from a reactive process to a proactive one involves the following steps:
– Improving an organization’s incident response capabilities
– Improving an organization’s root cause analysis capabilities
– Improving an organization’s security monitoring capabilities
– Influencing others to see incident response as a continuous process
– Operationalizing incident response information
– Collecting and documenting data for the organization’s incident response metrics
– Analyzing the organization’s incident response metrics to produce intelligence
– Presenting the intelligence to appropriate stakeholders
An interesting article from OpenDNS.
Time Stomping is an Anti-Forensics technique.
Has your data feed made you lazier?