The first thing an IT security executive should do after the corporate network has been breached is fall back on the incident response plan that was put in place well before attackers got through the carefully constructed defenses.
That’s what should have happened, but even if it wasn’t there are certain steps that anyone running an incident response team should follow in order to accomplish the main goal of any such cleanup: getting the network back to supporting business as usual as quickly as possible.
There are seven key things breach-repair leaders should do, according to Wade Woolwine, the manager of strategic services for Rapid7, who outlined the steps last week at his company’s United customer conference. “It’s all about recovering the business back to normal operations,” Woolwine says.
To read this article in full or to leave a comment, please click here