Preparedness for security practitioners is similar to a boxer’s stance; if they’re caught on their heels, they’ll inevitably hit the canvas when the inevitable punch connects. The same stands true for the modern day security warrior. They have to be prepared in case any security incident occurs, not sure pre-incident, but post as well.

Incident response is a critical component of any security strategy, but as much as it may seem like that’s common knowledge, too many infosec pros still fail to build out a plan successfully. For those looking to build out an effective incident response plan, it all starts with ensuring you have a good executive sponsor, says Sam McLane, chief technology services officer for Arctic Wolf, a SOC-as-a-service provider.

Communicating the value and effort it takes to develop the plan to a stakeholder in the business can go a long way, so it’s important to have that before you get started, he says.

“If you don’t have that kind of buy-in and if they don’t think it’s important, you’re going to fail,” McLane told InfoSec Insider during a video interview shot at the Black Hat, a security conference in the US. Naturally, the next step is to get started in creating the plan and communicating it effectively to all stakeholders in the business, he added.

In the full video interview below, McLane discusses the major dos and don'ts when it comes to incident response, in addition to some misconceptions that some security practitioners may have on the topic.

Click here to watch the video.

Marcos Colón
SVP, Content Marketing
As MISTI’s content marketing lead, Marcos spearheads the brand’s content marketing strategy, implementing a process to deliver high-quality insight to information security and internal audit professionals. Prior to working with MISTI, he served as the online editor for the award-winning SC Magazine, a prominent B2B IT security publication. He also served as a senior editor at NewsCred, a prominent content marketing agency, where he provided content strategy guidance for leading brands that include Discover, IBM, Visa and Bloomberg.