Security / incident response
Incident Response Tabletop Exercises
A plan you have never tested is a hypothesis. A tabletop exercise (a discussion-based drill where the team talks through a scenario with no live systems touched) is how you test it. The team gathers, someone reads out a realistic incident scenario, and everyone talks […]
Building a CSIRT: Incident Response Team Roles
A Computer Security Incident Response Team, or CSIRT, is the group that runs the response when an incident is declared. It is not a single department. It is a cross-functional team that pulls in technical, legal, communications, and executive roles, each with […]
The Incident Response Lifecycle: 6 Steps
Most security incidents follow the same arc, and so does a good response. The incident response lifecycle breaks that response into six phases, from the work you do before anything happens to the review you do after it is over. The first letters […]
How to Build an Incident Response Plan
An incident response plan is the document that tells your organization exactly what to do when a security incident hits. Its real job is to remove improvisation from the worst hour of your year, so the people responding follow a process they […]
Ransomware Defense Playbook
28 Ransomware Defense Actions for Windows, Linux & Cloud
Ransomware is projected to hit a target every 2 seconds by 2031. When it lands, you are staring at weeks of downtime and recovery costs that run into the millions. These 28 actions are what actually moves the needle, grounded in CIS Controls […]
The Thing That Keeps You up at Night
It’s 2:47 AM, and the first signs of trouble start to surface. Unusual network traffic begins streaming from your financial database server, but no one is there to catch the alerts. At this moment, a sophisticated ransomware attack is quietly taking hold of your organization’s network. What […]
Introduction
A data breach doesn’t care if you’re a startup or a Fortune 100. Over the past decade, I’ve seen teams scramble to contain ransomware at midnight, and others calmly execute playbooks as if rehearsed for Broadway. What sets these worlds apart often boils down to one thing: Are your incident response (IR) efforts aligned […]