Organizations should focus data sharing post-incident, not attribution

Assistant US Attorney Ed McAndrew shares tips on what organizations should do after a breach has been discovered. The key is information, not attribution

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

LAS VEGAS - There have been several notable security incidents in the news this year, from healthcare and retail breaches, to financial; even security firms themselves have been targeted.

In each instance, attribution seems to take the lead during incident response, something organizations should resist. The key is collecting the right information and passing it on to the right people. When it comes to figuring out who did it and where they are, authorities are the ones who should take the lead – organizations that focus on this area first are wasting resources and time.

US Attorney Ed McAndrew (DE), who has years of experience working cases dealing with Internet-based crimes under his belt, recently spoke to CSO Online and offered some unique insight into the federal side of incident response and what organizations can to do better prepare for law enforcement involvement.

To continue reading this article register now

Shop Tech Products at Amazon