Introduction

What?

Incidents do and will continue to happen. Set up a security incident response team (SIRT). And a security operations team (SOC).

Why?

To be better prepared to face security incidents with confidence and a clear action plan (instead of operating in a panic). And a SOC to defend against security breaches and actively isolate and mitigate security risks.

How?

• Digital forensics law matters

• Digital forensics problems and challenges

• Develop an incident response plan

• Set up an incident response team

• Communications are key

• Security operations center in a nutshell

• Set up a security operations team

• Measuring team effectiveness