Information security incident response
Develop a strong incident response plan to prepare for the aftermath of a data security breach, stolen laptop, or theft of sensitive information. Learn how computer forensics, an incident response plan and policy and employee training can build a strong incident response team and help prevent further disaster.
Top Stories
-
Tip
01 Feb 2024
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
-
Feature
29 Jan 2024
Top 10 types of information security threats for IT teams
Know thine enemy -- and the common security threats that can bring an unprepared organization to its knees. Learn what these threats are and how to prevent them. Continue Reading
-
Definition
05 Feb 2024
SOAR (security orchestration, automation and response)
SOAR (security orchestration, automation and response) is a stack of compatible software programs that enables an organization to collect data about security threats and respond to security events with little or no human assistance. Continue Reading
-
Tip
01 Feb 2024
10 cybersecurity best practices and tips for businesses
Looking to improve your business's cybersecurity program? Study these 10 cybersecurity best practices and tips. Continue Reading
-
Definition
29 Jan 2024
indicators of compromise (IOC)
Indicators of compromise are unusual activities on a system or network that imply the presence of a malicious actor. Continue Reading
-
Feature
29 Jan 2024
Top 10 types of information security threats for IT teams
Know thine enemy -- and the common security threats that can bring an unprepared organization to its knees. Learn what these threats are and how to prevent them. Continue Reading
-
Feature
25 Jan 2024
Top benefits and challenges of SOAR tools
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
-
Feature
23 Jan 2024
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
-
Tip
17 Jan 2024
CERT vs. CSIRT vs. SOC: What's the difference?
What's in a name? Parse the true differences between a CERT, a CSIRT, a CIRT and a SOC, before you decide what's best for your organization. Continue Reading
-
Feature
17 Jan 2024
How to create a CSIRT: 10 best practices
The time to organize and train a CSIRT is long before a security incident occurs. Certain steps should be followed to create an effective, cross-functional team. Continue Reading
-
Tip
17 Jan 2024
Top 6 SOAR use cases to implement in enterprise SOCs
Automating basic SOC workflows with SOAR can improve an organization's security posture. Explore six SOAR use cases to streamline SOC processes and augment human analysts. Continue Reading
-
Definition
16 Jan 2024
incident response team
An incident response team is a group of IT professionals in charge of preparing for and reacting to any type of organizational emergency. Continue Reading
-
Tip
12 Jan 2024
Incident response: How to implement a communication plan
Communication is critical to an effective incident response plan. Here are five best practices for communication planning and a free, editable template to get started. Continue Reading
-
Feature
09 Jan 2024
Top 30 incident response interview questions
Job interviews are nerve-wracking, but preparation can minimize jitters and position you to land the role. Get started with these incident response interview questions and answers. Continue Reading
-
Feature
09 Jan 2024
Top incident response tools: How to choose and use them
The OODA loop helps organizations throughout the incident response process, giving insight into the incident response tools needed to detect and respond to security events. Continue Reading
-
Feature
08 Jan 2024
How to become an incident responder: Requirements and more
Incident response is a growth area that provides career advancement options and a good salary. Here's an in-depth look at job requirements, salaries and available certifications. Continue Reading
-
Definition
04 Jan 2024
computer security incident response team (CSIRT)
A computer security incident response team, or CSIRT, is a group of IT professionals that provides an organization with services and support surrounding the assessment, management and prevention of cybersecurity-related emergencies, as well as coordination of incident response efforts. Continue Reading
-
Tip
17 Nov 2023
AI in risk management: Top benefits and challenges explained
AI and machine learning tools can aid in risk management programs. Here are the potential benefits, use cases and challenges your organization needs to know about. Continue Reading
-
Definition
19 Oct 2023
Structured Threat Information eXpression (STIX)
Structured Threat Information eXpression (STIX) is a standardized Extensible Markup Language (XML) programming language for conveying data about cybersecurity threats in a way that can be easily understood by both humans and security technologies. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
-
News
28 Oct 2021
Avast releases decryptors for multiple ransomware strains
Victims of three separate ransomware families can now recover data using tools developed by the antivirus vendor with help from a malware analyst and an alleged Babuk developer. Continue Reading
-
News
20 Oct 2021
Gartner analysts debate ransomware payments
During Gartner's IT Symposium, analysts discussed the complex factors companies face when deciding whether or not to give into ransom demands. Continue Reading
-
Guest Post
20 Oct 2021
5 questions to ask when creating a ransomware recovery plan
These 'five W's of ransomware' will help organizations ask the right questions when creating a ransomware-specific disaster recovery plan. Continue Reading
-
News
15 Oct 2021
Accenture sheds more light on August data breach
The IT services giant disclosed in an SEC filing that threat actors stole and leaked proprietary data during a LockBit ransomware attack earlier this year. Continue Reading
-
Tutorial
12 Oct 2021
Learn to work with the Microsoft Graph Security API
The API assists organizations that want to connect their security systems with a programmatic way to produce quicker results when performing investigations. Continue Reading
-
News
24 Sep 2021
Cybersecurity leaders back law for critical infrastructure
In the wake of cyberattacks like Colonial Pipeline, U.S. senators want a national law requiring critical infrastructure companies to report cybersecurity incidents to CISA. Continue Reading
-
Definition
20 Sep 2021
runbook
Runbooks are a set of standardized written procedures for completing repetitive IT processes within a company. Continue Reading
-
News
15 Sep 2021
McAfee discovers Chinese APT campaign 'Operation Harvest'
McAfee Enterprise found the threat actors had not only breached a company's network, but had spent 'multiple years' siphoning data from the victim before getting caught. Continue Reading
-
Feature
14 Sep 2021
Why companies should use AI for fraud management, detection
AI is involved in many cybersecurity processes. Now it's making inroads in fraud management and detection. The benefits, however, are not without AI's nagging bias challenge. Continue Reading
-
News
08 Sep 2021
CrowdStrike threat report: Breakout time decreased 67% in 2021
CrowdStrike's latest research shows threat actors have reduced the time it takes for them to move laterally in victim environments, thanks in part to ransomware as a service. Continue Reading
-
Feature
30 Aug 2021
Malware analysis for beginners: Getting started
With the cybersecurity industry struggling to fill open positions, now is the time to start in the field. Infosec expert Dylan Barker shares what you should know to be a malware analyst. Continue Reading
-
Feature
30 Aug 2021
Top static malware analysis techniques for beginners
Malware will eventually get onto an endpoint, server or network. Using static analysis can help find known malware variants before they cause damage. Continue Reading
-
Tip
30 Aug 2021
Use ISO 22332 to improve business continuity plans
Standards offer guidance on business continuity and disaster recovery plans. ISO 22332 is no exception, providing great detail on how to prepare and execute a BC plan. Continue Reading
-
News
19 Aug 2021
CISA offers ransomware response guidelines to organizations
In its new ransomware prevention and response guide, CISA 'strongly discourages paying a ransom,' citing the potential to embolden threat actors and fund illicit activity. Continue Reading
-
News
18 Aug 2021
T-Mobile breach exposes data for more than 40M people
The telecom giant confirmed reports that its network was breached by a threat actor who stole personal data on more than 40 million current, former and prospective customers. Continue Reading
-
Tip
18 Aug 2021
Make a power outage business continuity plan with these tips
Power outages can lead to business disruption and hit at any moment. Infrastructure testing and emergency protocols can help with business continuity when the lights go down. Continue Reading
-
News
12 Aug 2021
Months after the Accellion breach, more victims emerge
The Accellion breach occurred last December, but more victims have come to light in recent weeks as investigations, notifications and disclosures stretch on through the summer. Continue Reading
-
News
09 Aug 2021
Transparency after a cyber attack: How much is too much?
Sharing threat intelligence and proof-of-concept exploits can often help other organizations better defend themselves, but such efforts are hampered by obstacles and restrictions. Continue Reading
-
News
05 Aug 2021
Researchers argue action bias hinders incident response
A Black Hat 2021 session focused on the human instinct to act immediately after a cyber attack and how that can negatively impact incident response. Continue Reading
-
News
26 Jul 2021
Coveware: Median ransomware payment down 40% in Q2 2021
Coveware CEO Bill Siegel said that the efficacy of using data leak threats to obtain ransomware payments has gone down because 'you don't get anything in return when you pay.' Continue Reading
-
News
22 Jul 2021
Kaseya obtained ransomware decryptor from 'trusted third party'
Kaseya told SearchSecurity that for 'confidentiality reasons' it could only confirm that the ransomware decryptor came from a trusted third party and that it was helping customers. Continue Reading
-
News
15 Jul 2021
US government launches 'StopRansomware' site
In the latest initiatives to combat ransomware, the new website provides individuals and organizations with services and tools to help reduce the risk of attacks. Continue Reading
-
News
08 Jul 2021
Dutch researchers shed new light on Kaseya vulnerabilities
Dutch security researchers were working with Kaseya to get an authentication bypass flaw and other bugs patched when the catastrophic supply chain attack occurred. Continue Reading
-
News
08 Jul 2021
Kaseya post-attack VSA deployment delayed until Sunday
Kaseya CEO Fred Voccola said in an early Wednesday video update that the VSA deployment delay was 'probably the hardest decision I've had to make in my career.' Continue Reading
-
News
06 Jul 2021
Kaseya ransomware attacks: What we know so far
REvil ransomware threat actors exploited a zero-day vulnerability to issue ransomware payloads disguised as legitimate software updates from Kaseya. Continue Reading
-
News
06 Jul 2021
Kaseya: 1,500 organizations affected by REvil attacks
Approximately 50 managed service providers and up to 1,500 of their customers were compromised via a devastating supply chain attack on Kaseya by REvil ransomware actors. Continue Reading
-
News
17 Jun 2021
SolarWinds response team recounts early days of attack
During a webcast, members of the SolarWinds incident response team explained how a lucky break with a virtual machine aided their investigation into the historic breach. Continue Reading
-
News
14 Jun 2021
Accellion breach raises notification concerns
Victims of the breach continue to emerge, and one customer said it could have acted sooner, but a critical alert about a zero-day never left Accellion's email system. Continue Reading
-
News
10 Jun 2021
JBS USA paid $11M ransom to REvil hackers
Last week JBS USA said the ransomware attack was resolved and all facilities were fully operational, but now the company confirmed it paid a huge ransom. Continue Reading
-
Podcast
10 Jun 2021
Risk & Repeat: Colonial Pipeline CEO grilled by Congress
Colonial Pipeline Co. CEO Joseph Blount faced criticism from several members of Congress this week during two different hearings on the recent ransomware attack. Continue Reading
-
News
03 Jun 2021
FireEye and Mandiant part ways in $1.2B deal
FireEye products and Mandiant incident response services will split into two entities under the pending acquisition of FireEye by Symphony Technology Group. Continue Reading
-
Feature
03 Jun 2021
How to ethically conduct pen testing for social engineering
Author Joe Gray explores his interest in pen testing for social engineering, what it means to be an ethical hacker and how to get started in the career. Continue Reading
-
Feature
03 Jun 2021
How to handle social engineering penetration testing results
In the wake of conducting social engineering penetration testing, companies need to have a plan ready to prevent or minimize phishing, vishing and other attacks. Continue Reading
-
News
27 May 2021
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment. Continue Reading
-
News
25 May 2021
Operational technology is the new low-hanging fruit for hackers
FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques. Continue Reading
-
News
24 May 2021
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks. Continue Reading
-
News
19 May 2021
SolarWinds CEO: Supply chain attack began in January 2019
SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake. Continue Reading
-
News
18 May 2021
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks. Continue Reading
-
News
18 May 2021
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days. Continue Reading
-
News
13 May 2021
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software. Continue Reading
-
News
12 May 2021
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries. Continue Reading
-
News
10 May 2021
Colonial Pipeline runs dry following ransomware attack
A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems. Continue Reading
-
Feature
10 May 2021
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
-
Guest Post
03 May 2021
Cybersecurity contingency planning needs a face-lift
Following the unexpected craziness of 2020, companies need to sit down and revamp their cybersecurity contingency plan to ensure their business continuity. Continue Reading
-
News
15 Apr 2021
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates. Continue Reading
-
Tip
07 Apr 2021
MDR vs. MSSP: Why it's vital to know the difference
When assessing MDR vs. MSSP, the key is understanding why the two aren't interchangeable and how each handles response. Continue Reading
-
Guest Post
16 Mar 2021
How attackers counter incident response after a data breach
It's not over until it's over. Explore how attackers use backdoors and evasion techniques to counter incident response measures even long after a data breach is disclosed. Continue Reading
-
Tip
25 Feb 2021
How to manage third-party risk in the supply chain
From third-party risk assessments to multifactor authentication, follow these steps to ensure suppliers don't end up being your enterprise cybersecurity strategy's weakest link. Continue Reading
-
Tip
24 Feb 2021
How to prevent supply chain attacks: Tips for suppliers
Every company, large and small, must assume it is a target in the supply chain. Suppliers should follow these best practices to keep themselves and their customers protected. Continue Reading
-
Tip
23 Feb 2021
How to achieve security observability in complex environments
Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading
-
Tip
10 Feb 2021
How to address and prevent security alert fatigue
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences. Continue Reading
-
News
08 Feb 2021
Microsoft, SolarWinds in dispute over nation-state attacks
The latest investigation updates from SolarWinds and Microsoft offer differing views on how nation-state threat actors compromised SolarWinds' environment. Continue Reading
-
Feature
08 Feb 2021
5 cybersecurity lessons from the SolarWinds breach
Ransomware attack simulations, accessing enterprise logs and pen testing software code are among the best practices cybersecurity pros suggest following the SolarWinds breach. Continue Reading
-
Feature
29 Jan 2021
The case for applying psychology in cybersecurity training
Chartered psychologist Rebecca McKeown describes how psychology in cybersecurity can improve incident response and makes the case for a research-based approach to training. Continue Reading
-
News
12 Jan 2021
Capitol building breach poses cybersecurity risks
While security experts are divided on the level of risk, they agree there is a potential for threats after rioters stormed the Capitol building and ransacked offices. Continue Reading
-
Quiz
30 Dec 2020
Review 6 phases of incident response for GCIH exam prep
'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' takes a deep dive into the six phases of incident response to help security pros with GCIH exam prep and certification. Continue Reading
-
Feature
30 Dec 2020
Preparing for GIAC Certified Incident Handler certification
The author of 'GCIH GIAC Certified Incident Handler All-in-One Exam Guide' shares advice on how to prepare for the exam and why an incident response career can be so rewarding. Continue Reading
-
Feature
22 Dec 2020
Enterprise cybersecurity threats spiked in 2020, more to come in 2021
After an unprecedented year from an enterprise cybersecurity threat standpoint, security leaders are preparing for growing number and sophistication of attacks in 2021. Continue Reading
-
Tip
09 Dec 2020
Key SOC metrics and KPIs: How to define and use them
Enterprises struggle to get the most out of their security operation centers. Using the proper SOC metrics and KPIs can help. Learn how to define and benefit from them here. Continue Reading
-
Tip
08 Dec 2020
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities. Continue Reading
-
Tip
25 Nov 2020
8 benefits of a security operations center
A security operations center can help lessen the fallout of a data breach, but its business benefits go much further than that. Here are eight SOC benefits to consider. Continue Reading
-
Feature
24 Nov 2020
Compare 5 SecOps certifications and training courses
Explore five SecOps certifications available to IT professionals looking to demonstrate and enhance their knowledge of threat monitoring and incident response. Continue Reading
-
Tip
04 Nov 2020
Red team vs. blue team vs. purple team: What's the difference?
Red team-blue team exercises simulate attacks on enterprise networks. What does each team do? Where do purple teams fit in? Find out here. Continue Reading
-
Tip
30 Oct 2020
Benefits of virtual SOCs: Enterprise-run vs. fully managed
A virtual security operations center, be it managed in-house or by a third party, is becoming an increasingly popular option to save money and improve reliability. Continue Reading
-
Tip
21 Oct 2020
Evaluating SOC automation benefits and limitations
Security operations center automation can help address the security skills gap by scaling critical analyst responsibilities. But an overreliance on AI introduces other risks. Continue Reading
-
Tip
23 Sep 2020
5 key enterprise SOC team roles and responsibilities
Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization. Continue Reading
-
Feature
11 Aug 2020
Security team analyzes data breach costs for better metrics
Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading
-
News
29 Jul 2020
IBM: Compromised credentials led to higher data breach costs
The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why. Continue Reading
-
Podcast
17 Jul 2020
Risk & Repeat: Twitter breach leads to account hijacking
This week's Risk & Repeat podcast discusses how threat actors gained access to Twitter's internal systems and hijacked the accounts of Jeff Bezos, Bill Gates and others. Continue Reading
-
Tip
08 May 2020
How to protect the network from ransomware in 5 steps
Stronger network security could be the key to preventing a ransomware infection. Follow these five steps to protect your network from ransomware. Continue Reading
-
Quiz
06 May 2020
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit! Continue Reading
-
Infographic
01 May 2020
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
-
Tip
08 Apr 2020
12 key elements of a crisis management plan
Starting or revising your crisis management planning? Include these elements in a plan to make sure you don't leave anything out and your organization can run effectively. Continue Reading
-
News
02 Apr 2020
Beazley: Ransomware attacks on clients 'skyrocketed' in 2019
The 2020 Beazley Breach Briefing reported a 131% increase in reported attacks against clients last year, and the insurance giant isn't expecting the trend to slow down. Continue Reading
-
News
24 Mar 2020
Canon breach exposes General Electric employee data
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing. Continue Reading
-
News
20 Mar 2020
Emsisoft, Coveware offer free ransomware services to hospitals
As they grapple with the COVID-19 pandemic, healthcare providers will have free access to a range of ransomware-related services from security vendors Emsisoft and Coveware. Continue Reading
-
News
05 Mar 2020
Risky ransomware payments on the rise, attacks increasing
Making payments to threat actors to retrieve data was once viewed in black-and-white terms. But RSA Conference attendees say attitudes about paying up have changed drastically. Continue Reading
-
Tip
04 Mar 2020
Tips for cybersecurity pandemic planning in the workplace
Is your security team prepared for a workplace pandemic? This guidance will ensure your company's cybersecurity posture can be maintained despite a potentially severe health event. Continue Reading
-
News
26 Feb 2020
Target embraces cyber war gaming to improve incident response
At an RSA Conference 2020 panel, Target explained how the company is using war gaming to simulate real attacks and data breaches in order to hone its incident response plan. Continue Reading
-
News
25 Feb 2020
Colorado CISO details SamSam ransomware attack, recovery
At RSA Conference, Colorado CISO Deborah Blyth gave an inside look at the state's response and recovery effort following a devastating SamSam ransomware infection in 2018. Continue Reading
-
News
24 Feb 2020
Cisco launches SecureX platform for integrated security
At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation. Continue Reading
-
News
19 Feb 2020
Why ransomware attacks on municipalities spiked in 2019
Ransomware spread to a number of city, state and local governments across the U.S. in 2019. Threat researchers weigh in on the increased attacks and what to expect in 2020. Continue Reading