Information security incident response

Develop a strong incident response plan to prepare for the aftermath of a data security breach, stolen laptop, or theft of sensitive information. Learn how computer forensics, an incident response plan and policy and employee training can build a strong incident response team and help prevent further disaster.

Top Stories

Tip 01 Feb 2024
10 cybersecurity best practices and tips for businesses

Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Feature 29 Jan 2024
Top 10 types of information security threats for IT teams

Know thine enemy -- and the common security threats that can bring an unprepared organization to its knees. Learn what these threats are and how to prevent them. Continue Reading
By
- TechTarget Contributor

Quiz 06 Feb 2020
Try this cybersecurity quiz to test your (threat) intelligence

Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Tip 16 Jan 2020
How to build and train organizational resilience teams

Well-trained resilience and emergency response teams are a key element of maintaining business continuity and recovering your organization when disaster strikes. Continue Reading
By
- Paul Kirvan
News 07 Jan 2020
Broadcom sells Symantec Cyber Security Services to Accenture

Accenture agreed to acquire Symantec's Cyber Security Services business from Broadcom, less than six months after Broadcom acquired Symantec's enterprise business. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity

Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
By
- Peter Sullivan
Feature 27 Dec 2019
Editor's picks: Most pressing cybersecurity stories in 2019

As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
By
- Katie Donegan, Social Media Manager
News 19 Dec 2019
Two attacks on Maze ransomware list confirmed

Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom. Continue Reading
By
- Michael Heller, TechTarget
News 10 Dec 2019
City of Pensacola hit by ransomware attack

A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the process of responding. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Dec 2019
Ryuk ransomware change breaks decryption tool

The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers. Continue Reading
By
- Michael Heller, TechTarget
Tip 25 Nov 2019
As cybersecurity insurance coverage becomes common, buyer beware

Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
News 21 Nov 2019
Ohio builds 'Cyber Reserve' to combat cyberattacks

Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Nov 2019
CrowdStrike: Incident response times still too long

A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 18 Nov 2019
Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
By
- Kevin Tolly, The Tolly Group
News 08 Nov 2019
ConnectWise ransomware attacks affecting Automate customers

ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks. Continue Reading
By
- Michael Heller, TechTarget
Quiz 04 Nov 2019
Test your grasp of AI threats, privacy regulations and more

Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Opinion 01 Nov 2019
When cyberthreats are nebulous, how can you plan?

Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
E-Zine 01 Nov 2019

AI threats, understaffed defenses and other cyber nightmares

Continue Reading
Opinion 01 Nov 2019
CISOs, does your incident response plan cover all the bases?

Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Answer 29 Oct 2019
What are the roles and responsibilities of a liaison officer?

While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
By
- Sharon Shea, Executive Editor
- Mike Rothman, Securosis
News 25 Oct 2019
Cyber insurance has changed incident response -- for better or worse

Cyber insurance carriers are assuming greater control over how enterprises conduct incident response, which has caused angst and frustration among some security vendors. Continue Reading
By
- Rob Wright, Senior News Director
News 23 Oct 2019
Another CCleaner attack hits Avast supply chain

Avast was able to stop an attempted supply chain attack targeting its CCleaner software, but experts say all enterprises should be wary of similar supply chain attacks. Continue Reading
By
- Michael Heller, TechTarget
Feature 23 Oct 2019
Combat the human aspect of risk with insider threat management

When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
By
- Katie Donegan, Social Media Manager
Answer 08 Jul 2019
Attackers turn the tables on incident response strategies

Attackers expect incident response strategies and have a plan for when they encounter them. Find out how to take IR to the next level against attacker incident response counterstrategies. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Tip 28 Jun 2019
Strategies to mitigate cybersecurity incidents need holistic plans

Every organization needs strategies to mitigate cybersecurity incidents, but what areas should the strategies address? Find out what experts suggest to protect the entire organization. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 28 Jun 2019
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black

Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
By
- Kevin Beaver, Principle Logic, LLC
Tip 28 Jun 2019
How to prevent cybersecurity attacks using this 4-part strategy

It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 11 Jun 2019
Red alerts: Inside Cisco's incident response best practices

Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises. Continue Reading
By
- Rob Wright, Senior News Director
Tip 28 Mar 2019
Simplify incident response for zero-day vulnerability protection and beyond

Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets. Continue Reading
By
- Peter Sullivan
News 20 Mar 2019
Experts praise Norsk Hydro cyberattack response

Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed. Continue Reading
By
- Michael Heller, TechTarget
Tip 20 Mar 2019
How automated patch management using SOAR can slash risk

Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Automating incident response with security orchestration

Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 20 Mar 2019
Plugging the cybersecurity skills gap with security automation

Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 06 Mar 2019
How bellwether cybersecurity technologies predict success

Bellwether cybersecurity technologies -- advanced endpoint security, behavioral threat analytics and a trio of cloud-based apps -- are used by successful cybersecurity teams. Find out why. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 21 Feb 2019
CrowdStrike report says breakout time for threat actors is increasing

CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading
By
- Mekhala Roy
Answer 14 Feb 2019
Why did a Cisco patch for Webex have to be reissued?

Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson. Continue Reading
By
- Judith Myerson
Feature 01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum

Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
By
- Robert Lemos
Opinion 01 Feb 2019
What a proactive cybersecurity stance means in 2019

Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Tip 25 Jan 2019
Cybersecurity maturity model lays out four readiness levels

To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches. Continue Reading
By
- Johna Till Johnson, Nemertes Research
News 22 Jan 2019
DerbyCon's Dave Kennedy: The conference 'got too big'

DerbyCon co-founder Dave Kennedy discusses his decision to close down the conference and what he would have done differently. Continue Reading
By
- Michael Heller, TechTarget
News 30 Nov 2018
Spectre v2 mitigation causes significant slowdown on Linux 4.20

News roundup: A Spectre v2 mitigation causes significant performance slowdowns in Linux 4.20. Plus, Dell had to reset user passwords after a data breach, and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Tip 31 Oct 2018
NIST incident response plan: 4 steps to better incident handling

The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading
By
- Mike O. Villegas, K3DES LLC
News 31 Aug 2018
Another patched Apache Struts vulnerability exploited

News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more. Continue Reading
By
- Madelyn Bacon, TechTarget
Answer 28 Aug 2018
SamSam ransomware: How can enterprises prevent an attack?

SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past. Continue Reading
By
- Nick Lewis
News 13 Aug 2018
Lessons learned from Meltdown and Spectre disclosure process

During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Continue Reading
By
- Rob Wright, Senior News Director
News 09 Aug 2018
Meltdown and Spectre disclosure suffered "extraordinary miscommunication"

During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process. Continue Reading
By
- Rob Wright, Senior News Director
Feature 19 Jul 2018
Endgame's Devon Kerr on what it takes to be a threat hunter

Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
Feature 17 Jul 2018
Accenture's Justin Harvey explains why cyber attribution isn't important

Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
By
- Rob Wright, Senior News Director
Tip 16 Jul 2018
Fine-tuning incident response automation for optimal results

Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 16 Jul 2018
How to integrate an incident response service provider

Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
By
- Steven Weil, Point B
Feature 18 Jun 2018
Accenture's Tammy Moskites explains how the CISO position is changing

Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
By
- Rob Wright, Senior News Director
Tip 17 May 2018
How security operations centers work to benefit enterprises

One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
By
- Ernie Hayden, 443 Consulting LLC
Tip 16 Feb 2017
Intrusion response plans: Tales from front-line IT support

The right intrusion response training can make all the difference in data breach prevention. Expert Joe Granneman provides a real-world example from which enterprises can learn. Continue Reading
By
- Joseph Granneman, Illumination.io
News 14 Feb 2017
Ramzan advocates collaborative security in RSAC keynote

Zulfikar Ramzan opens RSA Conference 2017 by reminding enterprises that just as cyberattacks have long-tail repercussions, so too do collaborative security decisions made in business. Continue Reading
By
- Michael Heller, TechTarget
Answer 09 Jan 2017
Are investigations crucial to data breach protection?

SWIFT banking has a team dedicated to data breach investigations. Expert Mike O. Villegas discusses why this is necessary and whether other organizations should follow suit. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Answer 05 Oct 2016
How would a cyberattack information database affect companies?

A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies. Continue Reading
By
- Mike Chapple, University of Notre Dame
Feature 18 Mar 2016
Designing and Building Security Operations center

In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security. Continue Reading
By
- SearchSecurity and Syngress
Answer 23 Nov 2015
What data breach notification policy should enterprises follow?

A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 10 Sep 2015
Improve corporate data protection with foresight, action

Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack. Continue Reading
By
- David Sherry, Brown University
Feature 31 Mar 2014
Linux Malware Incident Response

In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation. Continue Reading
By
- SearchSecurity and Syngress
Tip 03 May 2007
Digital forensics tool Helix 'does no harm'

Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system. Continue Reading
By
- Scott Sidel