
5 Secrets for Cyber Incident Response

By Diane Ritchey
July 1, 2017

In theory, responding to a data breach should be straightforward. Alert all affected, communicate next steps, and then make plans so that it doesn’t happen again. But it doesn’t always work out that way.

Apologies for picking on Yahoo and Target, but as an example, both companies failed at incident response. In September 2016, Yahoo said that data associated with 500 million user accounts was stolen two years earlier. In December, the company disclosed that another 1 billion accounts were hacked in 2013.

Yahoo was criticized by Congress for taking too long to report the breach. Then, as it’s been widely reported, CEO Marissa Mayer is in the hot seat, the company’s chief counsel resigned, Verizon’s $4.83 billion acquisition of Yahoo is delayed and the price lowered by $350 million.

Target was also a poster child for suffering a massive data breach and having a less-than-stellar response. When it comes to data breach response, open, honest/accurate and timely communication is key. But Target didn’t even break the news to its customers; cyber journalist Brian Krebs did.

“Yes, there have been several prominent and highly visible cyber attacks, but the threat is, and has always been, there,” says Jake Williams, Founder and President of Rendition Infosec.  “It’s not a matter of if there will be another attack, it’s just a matter of when.”

I recently spoke with Williams, who offers five tips to help get companies ready to respond when the next attack occurs, because effective incident response is difficult and most organizations fail when it comes time to perform.

1. Build a Playbook.

An incident response (IR) playbook includes step-by-step processes for everything you do in an incident response, broken down by task area. The IR playbook should include specific instructions for performing incident response in your environment with your tools. Consider two football coaches: one coaches a little league team and another coaches a professional team. The optimal plays for the two teams are fundamentally different. While the little league coach knows that a sports medicine specialist would ideally help a player with a muscle cramp, there is little benefit in putting this in the playbook if there is no such specialist available. Your playbook should contain only information about the tools and skills you have available on your team.

2. Obtain System Baselines.

During an incident, system baselines are worth their weight in gold. They help incident responders understand what normal looks like so they can focus on only the new processes, drivers and registry keys on a system. We often analogize an incident to lighting up a dark basement for the first time. To a stranger, there may be many potentially scary sights when the lights come on, but to someone who knows this basement well, there is nothing to be afraid of.  More aptly, because they know what it is supposed to look like, they can focus only on the things that appear out of place.
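A baseline comparison of the kind described above, as an added example that is not part of the original column. The snapshot layout, host values and the function name diff_snapshot are all constructed for illustration, and the example goes slightly beyond the text by also reporting baseline items that changed or disappeared.

```python
# Added example: compare a live host snapshot with its stored baseline.
# Every name, path and registry key below is constructed sample data.
CATEGORIES = ("processes", "drivers", "registry_keys")
RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"

BASELINE = {
    "processes": {"lsass.exe": r"C:\Windows\System32\lsass.exe",
                  "svchost.exe": r"C:\Windows\System32\svchost.exe",
                  "edr_agent.exe": r"C:\Program Files\EDR\edr_agent.exe"},
    "drivers": {"disk.sys": r"C:\Windows\System32\drivers\disk.sys"},
    "registry_keys": {RUN + r"\Backup": r"C:\Tools\backup.exe"},
}
CURRENT = {
    "processes": {"LSASS.EXE": r"C:\WINDOWS\system32\lsass.exe",   # same, other case
                  "svchost.exe": r"C:\Users\Public\svchost.exe",   # path differs
                  "updater32.exe": r"C:\ProgramData\updater32.exe"},
    "drivers": {"disk.sys": r"C:\Windows\System32\drivers\disk.sys",
                "kbdflt.sys": r"C:\Windows\System32\drivers\kbdflt.sys"},
    "registry_keys": {RUN + r"\Backup": r"C:\Tools\backup.exe",
                      RUN + r"\Updater": r"C:\ProgramData\updater32.exe"},
}

def normalise(items):
    """Windows names and paths are case-insensitive, so compare them case-folded."""
    return {k.casefold(): v.casefold() for k, v in items.items()}

def diff_snapshot(baseline, current):
    """Return (category, kind, name, detail) for everything that deviates."""
    findings = []
    for cat in CATEGORIES:
        base = normalise(baseline.get(cat, {}))
        cur = normalise(current.get(cat, {}))
        for name in sorted(cur.keys() - base.keys()):
            findings.append((cat, "new", name, cur[name]))
        for name in sorted(base.keys() & cur.keys()):
            if base[name] != cur[name]:
                findings.append((cat, "changed", name, f"{base[name]} -> {cur[name]}"))
        for name in sorted(base.keys() - cur.keys()):
            findings.append((cat, "missing", name, base[name]))
    return findings

if __name__ == "__main__":
    for cat, kind, name, detail in diff_snapshot(BASELINE, CURRENT):
        print(f"{cat:14} {kind:8} {name}  ({detail})")
```

Everything that matches the baseline drops out of the report, so the responder reviews five lines instead of the full process, driver and autorun listings.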


3. Incorporate Non-Traditional Staff.

Some team member roles, such as “network forensics expert,” are obvious inclusions on an incident response team. However, some team roles are less obvious, including legal counsel, PR and business unit leaders. PR and legal will need to be involved if the incident is made public, so engage them from the beginning. And business unit leadership is critical – after all, you are here to support the business (not the other way around). Bring in business unit leadership early to understand how proposed incident response activities will impact their operations.

4. Use Tabletop Exercises Liberally.

Tabletop exercises are simulations where an exercise leader walks the IR team through scenarios using a series of injects. Some military types might know these better as war games or sand table exercises. The purpose of the tabletop exercise is to ensure that the staff are ready for situations that they may not have previously encountered. Unlike a traditional incident response, the staff will not actually perform all the actions of the incident response, but rather assign resources to handle issues and verbalize tasks. A well-trained IR staff can walk through one or two full incidents in a single day. Most IR teams should perform at least one tabletop exercise per quarter, and ideally once per month.


5. Learn to Speak Business.

Each business has its own language, and incident responders need to learn the language of the business. There is no doubt that the responder should know more about incident response than the business, but that is often not the perception when obscure technical jargon is used to “communicate.” IR should listen to how the business leaders communicate with one another and use the same language. People like people like themselves, so mimicking the language patterns, euphemisms, and vocabulary of the business leaders is a surefire route to success.

Are you ready?

KEYWORDS: cyber attack cyber incident response data breach emergency response security training


Diane Ritchey was former Editor, Communications and Content for Security magazine beginning in 2009. She has an experienced background in publishing, public relations, content creation and management, internal and external communications. Within her role at Security, Ritchey organized and executed the annual Security 500 conference, researched and wrote exclusive cover stories, managed social media, and authored the monthly Security Talk column.
