Information security incident response
Develop a strong incident response plan to prepare for the aftermath of a data security breach, stolen laptop, or theft of sensitive information. Learn how computer forensics, an incident response plan and policy, and employee training can build a strong incident response team and help prevent further disaster.
Top Stories
-
Tip
01 Feb 2024
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
29 Jan 2024
Top 10 types of information security threats for IT teams
Know thine enemy -- and the common security threats that can bring an unprepared organization to its knees. Learn what these threats are and how to prevent them. Continue Reading
-
Quiz
06 Feb 2020
Try this cybersecurity quiz to test your (threat) intelligence
Check out our latest issue, and then test your understanding of the material. By passing this quiz, you'll solidify your knowledge and earn CPE credit, too. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
Tip
16 Jan 2020
How to build and train organizational resilience teams
Well-trained resilience and emergency response teams are a key element of maintaining business continuity and recovering your organization when disaster strikes. Continue Reading
-
News
07 Jan 2020
Broadcom sells Symantec Cyber Security Services to Accenture
Accenture agreed to acquire Symantec's Cyber Security Services business from Broadcom, less than six months after Broadcom acquired Symantec's enterprise business. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
31 Dec 2019
NIST CSF provides guidelines for risk-based cybersecurity
Organizations benefit from identifying their unique risks when developing cybersecurity processes. Here's how the NIST Cybersecurity Framework can help guide risk-based IT protection. Continue Reading
-
Feature
27 Dec 2019
Editor's picks: Most pressing cybersecurity stories in 2019
As the year comes to an end, SearchSecurity takes a bird's-eye view of the sophisticated cyberthreat landscape and how it has changed over the past 12 months. Continue Reading
By- Katie Donegan, Social Media Manager
-
News
19 Dec 2019
Two attacks on Maze ransomware list confirmed
Another confirmed ransomware attack, this time against Busch's Fresh Food Markets, was added to the Maze gang's ransomware shaming list after the company refused to pay the ransom. Continue Reading
By- Michael Heller, TechTarget
-
News
10 Dec 2019
City of Pensacola hit by ransomware attack
A cyberattack, later confirmed to be ransomware, hit the city of Pensacola, Florida on Saturday, and the city is currently in the process of responding. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
10 Dec 2019
Ryuk ransomware change breaks decryption tool
The threat actors behind Ryuk ransomware made changes to their code that have made the official decryption tool unreliable, according to security researchers. Continue Reading
By- Michael Heller, TechTarget
-
Tip
25 Nov 2019
As cybersecurity insurance coverage becomes common, buyer beware
Cybersecurity insurance coverage can certainly have its benefits after a breach, but companies must consider a variety of unique business factors before choosing a policy. Continue Reading
By- Daniel Allen, N2 Cyber Security Consultants
-
News
21 Nov 2019
Ohio builds 'Cyber Reserve' to combat cyberattacks
Ohio is building a 'Cyber Reserve,' a civilian cybersecurity force alongside the state's National Guard that will be deployed to help local governments recover from cyberattacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
19 Nov 2019
CrowdStrike: Incident response times still too long
A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
18 Nov 2019
Use network traffic analysis to detect next-gen threats
Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
By- Kevin Tolly, The Tolly Group
-
News
08 Nov 2019
ConnectWise ransomware attacks affecting Automate customers
ConnectWise warned that ransomware attacks are targeting open ports for its Automate on-premises application, but the company has offered few details about the nature of the attacks. Continue Reading
By- Michael Heller, TechTarget
-
Quiz
04 Nov 2019
Test your grasp of AI threats, privacy regulations and more
Test your grasp of current security topics like AI in cybersecurity and what privacy regulations require. Then receive CPE credit by passing this quiz. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
Opinion
01 Nov 2019
When cyberthreats are nebulous, how can you plan?
Security planning is tough when you're short-staffed and hackers have smart tech too. You'll need solid skills and, most of all, a willingness to use your imagination. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
- E-Zine 01 Nov 2019
-
Opinion
01 Nov 2019
CISOs, does your incident response plan cover all the bases?
Security incidents, let's face it, are essentially inevitable. How do you cover the key bases -- education, inventory, and visibility -- in planning for incident response? Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Answer
29 Oct 2019
What are the roles and responsibilities of a liaison officer?
While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading
By- Sharon Shea, Executive Editor
- Mike Rothman, Securosis
-
News
25 Oct 2019
Cyber insurance has changed incident response -- for better or worse
Cyber insurance carriers are assuming greater control over how enterprises conduct incident response, which has caused angst and frustration among some security vendors. Continue Reading
By- Rob Wright, Senior News Director
-
News
23 Oct 2019
Another CCleaner attack hits Avast supply chain
Avast was able to stop an attempted supply chain attack targeting its CCleaner software, but experts say all enterprises should be wary of similar supply chain attacks. Continue Reading
By- Michael Heller, TechTarget
-
Feature
23 Oct 2019
Combat the human aspect of risk with insider threat management
When it comes to insider threat awareness and prevention, enterprises would be wise to marry a people-centric approach with a technology-centric approach. Continue Reading
By- Katie Donegan, Social Media Manager
-
Answer
08 Jul 2019
Attackers turn the tables on incident response strategies
Attackers expect incident response strategies and have a plan for when they encounter them. Find out how to take IR to the next level against attacker incident response counterstrategies. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
28 Jun 2019
Strategies to mitigate cybersecurity incidents need holistic plans
Every organization needs strategies to mitigate cybersecurity incidents, but what areas should the strategies address? Find out what experts suggest to protect the entire organization. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Feature
28 Jun 2019
Comparing EDR tools: Cybereason vs. CrowdStrike vs. Carbon Black
Learn how tools from leading EDR vendors Cybereason, CrowdStrike and Carbon Black compare when it comes to helping security teams fight endpoint threats and respond to incidents. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
28 Jun 2019
How to prevent cybersecurity attacks using this 4-part strategy
It can be daunting to defend an enterprise against cyberattacks, but these four defensive moves can help fortify and repel whatever comes your way. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Feature
11 Jun 2019
Red alerts: Inside Cisco's incident response best practices
Incident response is often challenging, but Cisco's Sean Mason offers recommendations for doing IR effectively, from keeping internal logs longer to embracing tabletop exercises. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
28 Mar 2019
Simplify incident response for zero-day vulnerability protection and beyond
Protection against a zero-day vulnerability and other cyber-risks is complicated, but simplifying cybersecurity incident management could be the key to protecting online assets. Continue Reading
-
News
20 Mar 2019
Experts praise Norsk Hydro cyberattack response
Aluminum manufacturer Norsk Hydro was hit with ransomware that forced a switch to manual operations. The company's incident response has experts impressed. Continue Reading
By- Michael Heller, TechTarget
-
Tip
20 Mar 2019
How automated patch management using SOAR can slash risk
Learn how to use security orchestration, automation and response, also known as SOAR, to ease the hassle of mundane tasks related to patch management. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
20 Mar 2019
Automating incident response with security orchestration
Security orchestration, automation and response technology is now seen as a key aid to security pros attempting to thwart an onslaught of cyberattacks. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
20 Mar 2019
Plugging the cybersecurity skills gap with security automation
Security automation and response promises to help alleviate the shortage of qualified cybersecurity pros. Learn how SOAR helps security teams work smarter, not harder. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
06 Mar 2019
How bellwether cybersecurity technologies predict success
Bellwether cybersecurity technologies -- advanced endpoint security, behavioral threat analytics and a trio of cloud-based apps -- are used by successful cybersecurity teams. Find out why. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
21 Feb 2019
CrowdStrike report says breakout time for threat actors is increasing
CrowdStrike's annual global threat report highlights why speed is critical for cybersecurity defenders. Experts sound off on key findings, including the rise of 'big game hunting.' Continue Reading
-
Answer
14 Feb 2019
Why did a Cisco patch for Webex have to be reissued?
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson. Continue Reading
-
Feature
01 Feb 2019
Battling nation-state cyberattacks in a federal leadership vacuum
Nation-state cyberattacks could be better fought with a united front. But the U.S. government has failed to find a reliable way to deter or stop attackers. Continue Reading
-
Opinion
01 Feb 2019
What a proactive cybersecurity stance means in 2019
Meeting cyberthreats head-on is no longer a choice but a necessity. Learn what dangers IT security teams may face in 2019 and why a proactive attitude is vital. Continue Reading
By- Brenda L. Horrigan, Executive Managing Editor
-
Tip
25 Jan 2019
Cybersecurity maturity model lays out four readiness levels
To assess cybersecurity maturity, Nemertes Research developed a four-point scale to determine a company's ability to effectively detect, understand and contain breaches. Continue Reading
By- Johna Till Johnson, Nemertes Research
-
News
22 Jan 2019
DerbyCon's Dave Kennedy: The conference 'got too big'
DerbyCon co-founder Dave Kennedy discusses his decision to close down the conference and what he would have done differently. Continue Reading
By- Michael Heller, TechTarget
-
News
30 Nov 2018
Spectre v2 mitigation causes significant slowdown on Linux 4.20
News roundup: A Spectre v2 mitigation causes significant performance slowdowns in Linux 4.20. Plus, Dell had to reset user passwords after a data breach, and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Tip
31 Oct 2018
NIST incident response plan: 4 steps to better incident handling
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
News
31 Aug 2018
Another patched Apache Struts vulnerability exploited
News roundup: A new Apache Struts vulnerability was exploited in the wild mere days after it was patched. Plus, Facebook removes app over privacy concerns and more. Continue Reading
By- Madelyn Bacon, TechTarget
-
Answer
28 Aug 2018
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past. Continue Reading
-
News
13 Aug 2018
Lessons learned from Meltdown and Spectre disclosure process
During a Black Hat 2018 session, Google, Microsoft and Red Hat offered a behind-the-scenes look at the disclosure and response effort for Meltdown and Spectre. Continue Reading
By- Rob Wright, Senior News Director
-
News
09 Aug 2018
Meltdown and Spectre disclosure suffered "extraordinary miscommunication"
During a panel discussion at Black Hat 2018 on Meltdown and Spectre, Google explained how miscommunication left the company's incident response out of the early disclosure process. Continue Reading
By- Rob Wright, Senior News Director
-
Feature
19 Jul 2018
Endgame's Devon Kerr on what it takes to be a threat hunter
Threat hunting goes beyond mere monitoring and detection. Endgame's Devon Kerr explains tomorrow's threat hunters and the keys to successful cyberthreat hunting. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Feature
17 Jul 2018
Accenture's Justin Harvey explains why cyber attribution isn't important
Accenture's Justin Harvey spoke at RSA Conference 2018 about his experiences with incident response and his views on the importance of cyber attribution. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
16 Jul 2018
Fine-tuning incident response automation for optimal results
Wondering where to apply automation to incident response in order to achieve the best results? The variety of options might be greater than you imagine. Read on to learn more. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Tip
16 Jul 2018
How to integrate an incident response service provider
Adding a third-party incident response service to your cybersecurity program can bulk up enterprise defenses, but the provider must be integrated carefully to reap the benefits. Continue Reading
By- Steven Weil, Point B
-
Feature
18 Jun 2018
Accenture's Tammy Moskites explains how the CISO position is changing
Accenture's Tammy Moskites spoke with SearchSecurity at RSA Conference 2018 about the daunting challenges CISOs face today and how the position may be changing. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve. Continue Reading
By- Ernie Hayden, 443 Consulting LLC
-
Tip
16 Feb 2017
Intrusion response plans: Tales from front-line IT support
The right intrusion response training can make all the difference in data breach prevention. Expert Joe Granneman provides a real-world example from which enterprises can learn. Continue Reading
By- Joseph Granneman, Illumination.io
-
News
14 Feb 2017
Ramzan advocates collaborative security in RSAC keynote
Zulfikar Ramzan opens RSA Conference 2017 by reminding enterprises that just as cyberattacks have long-tail repercussions, so too do collaborative security decisions made in business. Continue Reading
By- Michael Heller, TechTarget
-
Answer
09 Jan 2017
Are investigations crucial to data breach protection?
SWIFT banking has a team dedicated to data breach investigations. Expert Mike O. Villegas discusses why this is necessary and whether other organizations should follow suit. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
Answer
05 Oct 2016
How would a cyberattack information database affect companies?
A proposed cyberattack information database in the U.K. aims to improve cyberinsurance. Expert Mike Chapple explains what collecting data breach information means for U.S. companies. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Feature
18 Mar 2016
Designing and Building Security Operations Center
In this excerpt of Designing and Building Security Operations Center, author David Nathans reviews the infrastructure needed to support a SOC and maintain SOC security. Continue Reading
By- SearchSecurity and Syngress
-
Answer
23 Nov 2015
What data breach notification policy should enterprises follow?
A data breach notification policy is important to have, but deciding how to alert customers can be tough. Expert Mike Chapple explains some best practices. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
10 Sep 2015
Improve corporate data protection with foresight, action
Better corporate data protection demands foresight and concrete action. Learn why breach training, monitoring and early detection capabilities can minimize damage when hackers attack. Continue Reading
By- David Sherry, Brown University
-
Feature
31 Mar 2014
Linux Malware Incident Response
In this excerpt from Linux Malware Incident Response, authors Cameron Malin, Eoghan Casey and James Aquilina discuss volatile data collection methodology, steps and preservation. Continue Reading
By- SearchSecurity and Syngress
-
Tip
03 May 2007
Digital forensics tool Helix 'does no harm'
Forensics isn't just for the scientists. This month, contributor Scott Sidel recommends Helix, a digital forensics tool that can do some important detective work on your system. Continue Reading
By- Scott Sidel