learning from incidents

In Infosec, there are risks (what could happen) and incidents (what has happened).

We deal with risks proactively by asking questions. Identify, describe, quantify and so on. We treat the risks, hopefully avoid them.

Incidents call for a reactive posture. How can we recover?

A mature organization prefers to be proactive as opposed to reactive. One way is to interconnect the two approaches. Analyze your incident history so that recurring issues can be addressed. Don't forget that rear mirror.

Read more about distinguishing between risk and issue at The Innovation of Risk.

No comments: