tag:blogger.com,1999:blog-9518042.post7371741357679964473..comments2024-03-19T07:46:20.437-05:00Comments on Windows Incident Response: Changing the Face of IRUnknownnoreply@blogger.comBlogger5125tag:blogger.com,1999:blog-9518042.post-9605478052783197152008-12-04T17:41:00.000-05:002008-12-04T17:41:00.000-05:00"66% of breaches involved data the victim did not ..."66% of breaches involved data the victim did not know was on the system" That's a scary figure as well. I think of all the corporate laptops that get stolen across the world. How can they identify a breach of PII if they don't know what was on the systems to begin with....Crosserhttps://www.blogger.com/profile/11902606869063717715noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-88829316559961054532008-12-01T11:27:00.000-05:002008-12-01T11:27:00.000-05:00I think that part of the problem is that there sim...I think that part of the problem is that there simply aren't metrics to demonstrate what happens when you don't prepare for an incident. It's funny, too, that organizations have processes to pay employees, perform order fulfillment and service delivery, etc.H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-28647501323647132282008-12-01T11:19:00.000-05:002008-12-01T11:19:00.000-05:00Commonly heard..."We'll cross that bridge IF we co...Commonly heard...<BR/><BR/>"We'll cross that bridge IF we come to it." <BR/><BR/>"Prevention or preparedness is not revenue generation."<BR/><BR/>The "won't happen to us" statement fits true with nearly every company, until it happens.<BR/><BR/>Doesn't mean it's right, but these words are spoken quite a bit.Brett Shavershttps://www.blogger.com/profile/08207321430604828713noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-25131517961266319722008-12-01T06:50:00.000-05:002008-12-01T06:50:00.000-05:00Hogfly,I'm afraid that you're right. However, it'...Hogfly,<BR/><BR/>I'm afraid that you're right. However, it's time to make a serious move toward incident prevention and readiness, rather than waiting for an incident to happen. As always, it will take outside stimulus to accomplish this...H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.comtag:blogger.com,1999:blog-9518042.post-40730778655243464132008-12-01T06:31:00.000-05:002008-12-01T06:31:00.000-05:00I think there's still a large portion of companies...I think there's still a large portion of companies that think "it won't happen to us" and that the people in charge are so out of touch with reality that they have no idea what is really going on. They told someone in a meeting that they "better have an incident response plan" whatever that is, and promptly moved on to the next bullet point in the agenda. People just don't care about buckling their seat belt until they've already been in an accident.hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.com