Every day we improve our capabilities to respond to security incidents; however, it is necessary to highlight that attacker tools and techniques are also constantly evolving: they are increasingly stealthy and well camouflaged.
Cybersecurity experts indicate that, in the current scenario, the best practice is to use ethical hacking: analyze your networks and operations always from the attacker's perspective, looking for the main indicators and areas of exposure before they are exploited.
It all comes down to how skillfully your team can screen for security incidents.
This article aims to continue our series Communicate, Respond, and Prevent (you can access the first article by clicking here). Today we are going to talk about how to identify types of security incidents.
The best way to determine the appropriate incident response in any situation is to understand what types of attacks can be used against your organization.
Now that you are familiar with NIST's list of attack categories, it is important to review your security, control, and mitigation policies to ensure that these attack vectors are covered. Use this list to guide your team through the classification process for various types of security incidents.
It is also important to identify which types of equipment would pose the greatest risk in the event of loss or theft. This includes CFO laptops, as well as any server hard drive (HDD) that contains intellectual property (IP) or sensitive data.
In our next article, we will talk about Security Triage Options, highlighting how to combine local and global threat intelligence for more effective screening, and how to categorize and mitigate incidents from an attacker's perspective.