Tuesday, June 15, 2010

Phase 0: The Incident

• Receive email notice of security breach. ("security@domain.com" and triage) (ALTHOUGH YOU PROBABLY DON'T EVEN HAVE THIS, and even if you do, you're getting false positives)
• Activate Incident Response plan.
• Put out the fire. (The best thing to do is to assign ONE person to put out the update. There is a difference between how you put out your first fire and how you put out fires from then on. After your first one, your CEO should not be getting involved. You will handle your first incident very badly. Your PR department is going to deny it. This is bad, but it always happens. You will make mistakes we won't anticipate.)
The next question is: if we got hit with an SQLi, how do we stop SQLi from ever happening again?
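As an added example (not code from the post), here is the root-cause fix that answers the "never again" question for SQLi: the same lookup written the way it usually gets exploited (input spliced into the statement text) next to the parameterized form, run against a constructed in-memory SQLite table. The table, names and the test input are all assumptions for the demo.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo; not from the original post.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    # The pattern that lets SQLi in: untrusted input becomes part of the SQL text,
    # so quote characters in the input change the query's meaning.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_user_safe(conn, name):
    # Parameterized query: the driver passes the input as a bound value, never as SQL,
    # so the exact same input is compared literally against the column.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def compare(name):
    # Returns (vulnerable_result, safe_result) for one input so the difference is visible.
    conn = make_db()
    return find_user_vulnerable(conn, name), find_user_safe(conn, name)


if __name__ == "__main__":
    print(compare("alice"))          # both paths return ['alice']
    print(compare("x' OR '1'='1"))   # vulnerable path returns every row; safe path returns []
```

The point for the post-incident fix is that the parameterized version needs no "sanitizing" of the input at all: the quote in the constructed input is simply data, so the second call returns nothing instead of the whole table. Replacing string-built queries with bound parameters across the code base is the change that makes the class of bug go away, rather than patching the one query that was hit.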
