Despite the best efforts of an organisation, incidents can and will still happen. When they do happen, we must manage them well and do all we can to learn from them and ensure that they never happen again. There really should be no excuse for the same incident, or same type of incident, happening more than once. In the immediate aftermath of a security incident the mood will be sombre, that ‘sick to your stomach’ feeling associated with failure will be omnipresent for the people involved, and a lot of reflection and consideration of ‘what ifs’ will be occurring. Through the negativity, however, there is usually a renewed focus on security, and a momentum that should be harvested for maximum impact. Following a security ...

Get Hands-on Incident Response and Digital Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.