ABSTRACT

In this chapter, we begin addressing organizational needs to deal with the aftermath of an event. Many believe that the work of response and recovery (introduced in the next chapter) is entirely the responsibility of management. To the contrary, an organization’s incident response is conducted by the computer incident response team, a carefully selected group that, in addition to security and general IT staff, may include representatives from legal, human resources, and public relations departments. As is the case with all other aspects of cybersecurity, an organization can prevent and react to security events much more effectively if everyone involved in developing and using

Cybercriminals are successfully targeting organizations of all sizes across all industry sectors. Recent analyst and media reports suggest that attacks are becoming more sophisticated and more frequent, and that their impact is becoming more severe. One global company that suffered a large breach spent over $100 million on investigating the incident and on other direct remediation activities. But those costs are small compared to the subsequent multibillion-dollar loss in market capitalization, which was largely attributed to investors’ loss of confidence in the company’s ability to respond.