3 Common Misconceptions In Incident Response
This article by Mahmood Sher-Jan was originally published in the ISACA Cybersecurity News Site, The Nexus.
I was recently reminded of the following sentiment by a colleague of mine in the office: “It is better to be prepared 1 year too early than 1 day too late.”
Despite the growing awareness of purpose-built software and best practices, misconceptions in incident response management persist. I have a unique vantage point as chief executive officer of RADAR, Inc. (an incident response management and decision-support software provider) because I make it a point to meet and collaborate with clients and see firsthand the reality of how organizations manage incidents and track metrics and trends that surface in the process. A significant volume of incidents involving regulated data has been securely processed through our platform, and that number grows every day. When analyzing the metadata from these incidents, it is important to note the distinction between a data incident and a data breach. Breaches are far less common than incidents when there is a strong culture of detection, consistent risk assessment, risk mitigation and compliance.
Analyzing incident metadata across key industries that deal in regulated data reveals a few insights that may challenge common industry conceptions. The misconceptions are due largely to analysis of reported data breaches as opposed to data incidents.