Keynote: Bruce Schneier - The Future of Incident Response presented at AppSecUSA 2014

by Bruce Schneier,

Summary : Network attacks are inevitable. Protection and detection can only take you so far, and response -- incident response -- is finally getting the attention it deserves. I look at the economic and psychological drivers the computer security industry, and describe how the future of incident response in this context. Unlike other aspects of security technology, IR needs to augment people rather than replace them. This requires a systems theory approach to IR, and I borrow one from the US Air Force: OODA loops. Understanding how IR works will be critical to maintaining network security in the coming decade.