Securosis research: React Faster and Better
It is not a big secret (nor a surprise) that I am a big fan of the guys over at Securosis. Not only do I appreciate a lot of the research that they do, I also like their business model very much. They give back to the community much of what they get from it, and that is commendable.
Recently, they have been publishing a series of articles that are very much in my area of interest. The articles have a common theme: incident response. They describe in sufficient detail what controls should be in place to facilitate effective response; examples range from information collection to escalation processes, and much more.
The ability to respond to incidents, rather than to merely react to them, is something that many organizations lack, but it can drastically reduce downtime following an incident, and in some cases will prevent intellectual property from being lost and/or damaged.
The articles that they have published to date are:
React Faster and Better: Introduction
React Faster and Better: Incident Response Gaps
React Faster and Better: New Data for New Attacks, Part 1
React Faster and Better: Alerts & Triggers
React Faster and Better: Initial Incident Data
React Faster and Better: Organizing for Response
React Faster and Better: Kicking off a Response
React Faster and Better: Respond, Investigate, and Recover
As time goes on, I hope that Securosis continues its great work and continues to publish relentlessly.