Eran Feigenbaum, Director of Security for Google Apps, gave the closing keynote at EDUCAUSE Security Professionals conference today. The presentation was on information security in the cloud. He made some interesting points on cloud security (Cloud security isn't perfect...but neither is non-cloud). I'm still thinking through thoughts on that.
One part that did strike me was a part of his speech in which he gave the quote that "Incidents are going to happen"...the question is what do we do to deal with it? He joked about people blogging about that quote, and that it's out of context...but I think that it's spot on, and way too many people in information security don't take that perspective (RSA? NASA?).
Sure, there's big value in preventing the incident in the first place, but in my experience, building up a solid incident response team/plan/procedure (along with the necessary training exercises) can be just as critical to securing the enterprise as the initial prevention. Prevention and Detection/Response have to live hand-in-hand.
Thanks for the thoughts Eran.