In the modern era, breaches have (unfortunately) become a matter of daily news. Recent events show that the probability of a breach keeps rising as attacks become more sophisticated and targeted. Unfortunately, incident response processes are still focused on IT and network breaches rather than on the entire range of security incidents, which has grown rapidly with the introduction of new technologies, concepts and platforms. In this lecture we will go over the classification of 'new era' security breaches and try to better understand how they differ from classic ones, along with analyzing the current frameworks for handling them (and pointing out the obvious gaps). We will also cover examples from the past year of bad incident response practices and learn the basic concepts that should be covered in 'customer facing' incident response. Lastly, we will offer some guidance on what tools are available for lightweight operational incident response and how one can use them to improve the reply to, and the actions taken for, each incident or disclosure.
Security manager/researcher and community enthusiast, curious by nature, who spends most of his time learning what else can go wrong.