The number of security incidents in organizations continues to rise. To mount a successful defense, organizations should develop an incident response team dedicated to hunting security problems, and defending against them. This was the topic of the panel “Incident Response Best Practices and True Stories,” conducted on May 21 at Caesar's Palace, Las Vegas.

Nick Pollard, senior director of professional services at Guidance Software Inc., moderated a panel of experts: James Carder, vice president, Logrhythm Labs; Richard Kimball, security professional at Saudi Aramco; and Joseph Salazar, forensic investigator. It took no time for Pollard and the panel to connect with the audience. A majority of attendees either worked as forensic examiners or in a team of incident responders. Six lawyers signed up to attend the meeting but only one self-identified to the audience.

Pollard tossed out the first question to the panel to start things: when an incident occurs, do you respond with forensic analysts or an incident response team?