After a breach, businesses need to know their incident response from their digital forensics. Hint: Forensics enables organizations to know what happened, when and how, to guide incident responders as they defuse the problem, block further exploits and quickly restore all systems and data. Incident response expert David Stubley, the CEO of 7 Elements who previously headed penetration testing at the MoD and RBS, offers five core principles all organizations should apply when responding to any incident - be it Equifax, Deloitte or your own suspected breach. He advises organizations to be sure to run such efforts independent of any law enforcement agencies or regulatory efforts to ensure they isolate the problem and gets protected as quickly as possible.
See Also: Threat Intelligence - Hype or Hope?