The things we find hardest in incident response (incident.io)
This might be the most important bit of advice here; the corollary is barely mentioned at the end, and deserves more discussion:
When you think you know what's going on, what's caused it and how to fix it, recap your evidence and argument and make sure that if the group has been uncovering evidence against that hypothesis, you don't ignore it. Few incidents will be made much worse off by a five-minute delay in applying the right fix; there's no end of the trouble you can get into by applying a terrible fix.