Blog post

Our New Research on Incident Response Has Been Published

By Augusto Barros | October 15, 2019 | 2 Comments

Security Operations for Technical Professionals

We finally managed to publish our great new (in fact, refreshed) document on preparing for incident response, “How to Implement a Computer Security Incident Response Program”.

This is the first document of my colleague Michael Clark, who did a terrific job of modernizing some stuff from a long time ago.

Some interesting pieces from this guidance document:

 

Organizations that practice their incident response program find gaps and areas for improvement. Certain exercises also make the computer security incident response team (CSIRT) more comfortable and better equipped when an incident occurs.

Include all the locations and services where your assets and data reside in the plan. This includes SaaS and company-controlled cloud assets. Many high-profile breaches involve elements outside the organization’s perimeter

Detections that must be addressed are inevitable. Organizations are often forced into a response mode by attackers and third-party breach notifications.

As usual, we are always looking for detailed feedback on our papers. Feel free to drop some comments here if you read the doc.

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Leave a Comment

2 Comments

  • Not a single “that other analyst who…” joke in this?