The attackers are in your network — now what?

How will you know and what will you do about it?

Teri Radichel
Published in Cloud Security
13 min read, Dec 22, 2019

My previous posts in this series on Cybersecurity for Executives covered many precautions you can take to defend systems. No matter how much defense you employ, at some point you will have a security incident. That brings us to the question: how will you know when an attacker has breached your defenses, and what will you do about it?

This post covers two topics at a very high level:

Security monitoring: Ensuring all systems have logging enabled, alerts set up for suspicious behavior, and someone is assigned to watch the logs and alerts.

Incident handling: When something in the logs indicates a security breach, a team of professionals trained to investigate the breach takes action to resolve the breach in the appropriate way.

Incident handling and monitoring teams

Teri Radichel

CEO 2nd Sight Lab | Penetration Testing & Assessments | AWS Hero | Masters of Infosec & Software Engineering | GSE 240 etc | IANS | SANS Difference Makers Award