Articles on Incident Response
- Risk Management: Could Regulatory Compliance Encourage Weaker Security?
  Compliance replaces social norms with market exchanges—companies see fines as a "price" rather than feeling obligated to protect data. Like day care parents who arrived late more often after fines...
- Malware Analysis: 3 Tools to Scan the File System With Custom Malware Signatures
  Traditional antivirus tools don't allow custom signatures, but ClamAV, YARA, and Vscan let incident responders scan file systems for indicators of compromise without waiting for vendor updates. YARA...
- Incident Response: Initial Security Incident Questionnaire for Responders
  This cheat sheet helps incident handlers assess situations by asking the right questions: understanding background (how detected, security posture), defining communication parameters (coordinator,...
- Malware: Evolving Threats: The Long Tail of Potential Data Breach Victims
  The "long tail" of potential breach victims—numerous SMBs comprising 80% of the population—attracts attackers who prefer quantity over quality. These targets have weaker defenses and there are many...
- Incident Response: Insider Threat - A Touchy Security Topic
  The insider vs. outsider threat debate may be less relevant as external attackers increasingly compromise employee workstations via social engineering and exploit kits—outsiders become insiders....
- Incident Response: Incorporating Mobile Devices into Enterprise Security
  Enterprise security hasn't kept up with consumerization—powerful mobile devices often have VPN access and email but lack mature OS security controls. Organizations need greater network segmentation,...