The modern Chief Information Security Officer (CISO) understands the importance of incident response in the context of an overall enterprise risk management strategy. Common strategies to perform a so-called “shift right” transition in emphasis on the prevent-detect-respond scale underscore how critically essential it has become for CISO-led teams to have effective tools, processes, and procedures to support their incident response program.
Luckily, this new emphasis builds on a mature base. Incident response has been an element of security programs since their inception, and most working professionals understand how to handle an on-going case or exploit incident. What might not have been as clear at the outset, however, but that has become quite obvious today is the critical role that digital forensic investigation capabilities play in assuring that incidents are responded to properly.