Security Incident Response
-
Hi all just a quick question.
I need to fill out a basic questionnaire for an RFP. The customer wants(among other things):
"Describe your security incident response procedures"
My assumption is they want to know what happens if we get hacked/breached, what our response would be.
Rather than just filling out "Call a professional security response company" I feel something else needs to be there.
Also,
"Indicate your company's information encryption level for data at rest and data in motion"
We arent using Bitlocker or LUKS. SMB shares dont have encryption enabled due to it requiring smb3 and the disabling of smb1, which may have an effect on non windows machines to connect to the smb shares -
A lot of times those questionaires are just boilerplate and they don't care what they say at all. Might be a case like that.
-
Yes i was thinking they just want an answer and dont really care what the answer is.
-
@momurda said in Security Incident Response:
Yes i was thinking they just want an answer and dont really care what the answer is.
Good chance that that is the case.
