Incident detection and response must be as important to your enterprise as the focus on prevention. Many organisations spend too much time and money on the “Before” of a security incident but are unable to respond when (not if) a critical incident occurs. Create, test, and implement an incident response plan. Understand your risk profile, assets, and resources. Acquire the technology and resources to accurately discover incidents. Ensure you have the ability to respond in a timely manner and with conviction. Ensure recovery after the incident to minimise disruption. Above all else, test your plan in anger at least annually.