It is not a big secret (nor a surprise) that I am a big fan of the guys over at Securosis. Not only do I appreciate a lot of the research that they do, I also like their business model very much. They give back to the community much of what they get from it, and that is commendable.

Recently, they have been publishing a series of articles that are very much in my area of interest. The articles have a common theme: incident response. The articles describe in sufficient detail what controls should be in place to facilitate effective response; examples range from information collection, to escalation processes, and much more.

The ability to respond to incidents, rather than to merely react to them, is something that many organizations lack, but that has the ability to drastically reduce downtime following an incident, and in some cases will prevent intellectual property from being lost and/or damaged.

The articles that they have published to date are:

React Faster and Better: Introduction

React Faster and Better: Incident Response Gaps

React Faster and Better: New Data for New Attacks, Part 1

React Faster and Better: Alerts & Triggers

React Faster and Better: Initial Incident Data

React Faster and Better: Organizing for Response

React Faster and Better: Kicking off a Response

React Faster and Better: Respond, Investigate, and Recover

As time goes on, I hope that Securosis continues its great work and continues to publish relentlessly.


