Brad Garnett is the team leader in the Cisco Security Incident Response Services division. He works with organizations around the world. Brad writes about the power of logging in incident response.
A good incident response plan can reduce not only the damage from hacking the security system, but also negative public opinion. It is necessary to have a response plan that allows you to quickly restore serviceability, continue to do business, serve customers and earn money.
Victims of hacker attacks or actions of insiders daily becomes a huge number of companies around the world. Therefore, most companies have an incident response plan (IRP). Unfortunately, this plan does not reflect reality and, most likely, it will not be effective.