Incident response is a carefully choreographed dance with misfortune. Every action may ultimately prove important, and therefore incident response teams must provide a vehicle to capture action items and ensure they are completed on time.
Balance written impressions with subsequent litigation discovery requests, and it becomes a plan issue. A mature incident response plan provides guidance for how to log events during an incident response activity, including instructions for preferred use of team logging software. Logging is mostly a training issue.
From an incident response team’s perspective, members should be unrestrained in their ability to capture information and formulate hypotheses about action and impact. But fully unrestrained behavior may run counter to a company’s best interests. That is why LEO advocates feature-rich logging tools combined with tangible recordation procedures.
LEO works with a number of law firms well versed in cyber security incident response. These seasoned attorneys are familiar with LEO’s incident response framework and can suggest logging protocols that fit your company.