Chapter 18. Automated and Manual Response


When we were learning how to analyze network traces, we discussed stimulus and response in detail. Now, we use the same concept but apply it at the organizational level as we consider the defensive responses available to us. The stimulus will generally be a “successful” attack or attack attempt. A successful attack, if detected, invokes an incident-handling procedure. How do we define a successful attack? In the vein of “any landing you can walk away from is a good one,” we can say “any attack that causes us to take action above our normal filtering is a successful attack.” Do you agree? If not, keep in ...

Get Network Intrusion Detection, Third Edition now with the O’Reilly learning platform.
