The Big Picture of the Security Incident Cycle

The Big Picture of the Security Incident Cycle.

Via Lenny Zelster, Richard Bejtlich, a well known Computer Incident Response Team (CIRT) person has an interesting view of IT Security pictured here:

What is normally considered the major functions of IT Security, are simply the first two phases of Bejtlich’s Incident Response cycle – Plan and Resist.

Note the use of the word, “Resist” rather than “Prevent,” thus forcing the recognition that incidents will happen. In other words, if you are not detecting incidents, it’s because you don’t have the right tools in place.

Well worth reading the whole post. Also there is a link to the Bejtlich’s complete presentation.