It's inevitable: cyber incidents will happen. In defensive security, we should do our best to security harden our computer networks and applications as well as we can. But for your business to thrive in the 21^st century, you must be ready to act when a cyberattack occurs. A quick, thorough, and effective incident response will help keep your organization successful in the years and decades to come.

In Chapter 2, I discussed how you can build a good security team for companies of all sizes and in all industries. If your business has fewer than 100 people, you'll probably have just one or two people in your IT department, and they would handle all of your in-house computer operation, administration, and maintenance needs. At the other end of the spectrum are large companies with more than 10,000 people that can support a robust IT department and security operations center. How your organization prepares for and responds to incidents will depend on how many people are on your team and the size of your computer networks.

If your company has any sort of computer network, you should have a computer security incident response team (CSIRT). Remember I mentioned in Chapter 1 how a strong security culture involves everyone in your company, not just your IT department? Your CSIRT should also have some people from outside of IT. An effective CSIRT consists of network administrators, other IT people, a legal specialist, and a PR specialist. ...