Gartner Blog Network


Our “How to Plan and Execute Modern Security Incident Response” Publishes

by Anton Chuvakin  |  April 11, 2016  |  4 Comments

Our updated security incident response (IR) paper, now renamed “How to Plan and Execute Modern Security Incident Response” (Gartner GTP access required), has just published.

Some fun quotes follow below:

  • “Effective security IR fuses together technical and nontechnical resources, which are bound by the incident response policy, procedures and plans. Most organizations have an underdeveloped and underfunded incident response strategy and capability.”
  • “This advice — to create an IR plan, now nearly a quarter of a century old — is certainly not heeded by all organizations; organizations continue to struggle with the right amount of information and the right scope of their incident response plans. […] Furthermore, the “aha” moment for many organizations is in drawing the line between “doing the planning” and “having a plan.””
  • “Anecdotal evidence suggests that incidents for which organizations have specifically planned for and prepared for end up costing less than those the organizations did not think of.”
  • “Gartner clients reported that one of the biggest mind shifts and incident response practice changes was the increased role of accurately scoping the incident.”
  • “Even organizations that complain that they are “drowning in data” probably need more visibility-focused tools [such as SIEM, EDR, UBA / UEBA, etc], if not more data [for their IR efforts].”
  • “The cross-silo nature of modern IR is further emphasized in cases of real APT intrusions. Looking at logs, traffic, endpoints, and user and application activity is often essential to uncovering subtle intruder traces.”

Enjoy!



Thoughts on Our “How to Plan and Execute Modern Security Incident Response” Publishes


  1. […] This is just one of the juicy bits from the document. You can read more about in Anton’s blog. […]

  2. Todd Weller says:

    This was a great report….read it yesterday! Must read….not only informative but your style makes it fun to read too!

  3. […] The article “Our "How to Plan and Execute Modern Security Incident Response" Publishes” was first published on 11 April 2016 | 12:55 pm. Source […]


