Page 212 - CISSO_Prep_ Guide
members, testing the plan, maintaining the plan, and purchasing
the equipment needed to prevent, detect, respond to, and recover
from incidents.
Detection and Analysis
It has been said that "Some people make things happen, some
people watch things happen, but most people wonder, 'what
happened?'". This is all too true in incident management. From
the 2011 Verizon data breach report, we see that nearly 2/3 of all
organizations that suffered a data breach were not even aware of
it and had to be informed of the breach by a third party. This is a
serious problem that hinders effective incident management. An
organization cannot respond if it is not even aware of what
happened.
Detection Methods
A report is only valuable if somebody reads it, and that is truer
than ever today. Every day, organizations gather massive
amounts of log data and spend incredible amounts of money on
Security Incident and Event Management (SIEM or SEIM)
systems. They also spend on other alert and monitoring systems
that capture network, application, and user data. However, in far
too many cases no one has the time or the responsibility to
monitor the logs. Intrusion Detection Systems
will not really protect an organization; all they do is indicate the
types of incidents that happen. Sure, they can work with other
devices to drop connections or alert about suspicious activity.
Still, they are only as good as their configuration and only as
effective as the staff that leverages the data collected.
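The paragraph above makes the point that collected log data is worthless until someone turns it into an alert with an owner. The following Python routine is an added example, not code from the CISSO guide: it parses a handful of constructed sshd authentication log lines (the host names, addresses, user names and the threshold of five failures are all assumptions made for illustration), counts failed logins per source address, and escalates the alert when a successful login follows a run of failures from the same source.

```python
# Added example (not from the CISSO guide): a minimal log-review routine that
# turns collected authentication log lines into an actionable alert.
# All log lines, hosts, addresses and thresholds below are constructed for
# illustration; the line format mimics a common syslog/sshd style.
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (not real data).
SAMPLE_LOGS = """\
Mar 10 08:00:01 web01 sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 51022 ssh2
Mar 10 08:00:03 web01 sshd[1201]: Failed password for invalid user admin from 198.51.100.23 port 51023 ssh2
Mar 10 08:00:05 web01 sshd[1201]: Failed password for root from 198.51.100.23 port 51024 ssh2
Mar 10 08:00:06 web01 sshd[1201]: Failed password for root from 198.51.100.23 port 51025 ssh2
Mar 10 08:00:08 web01 sshd[1201]: Failed password for root from 198.51.100.23 port 51026 ssh2
Mar 10 08:00:09 web01 sshd[1210]: Accepted password for root from 198.51.100.23 port 51027 ssh2
Mar 10 08:01:10 web01 sshd[1215]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar 10 08:01:20 web01 sshd[1216]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
"""

# Matches the sshd "Failed/Accepted ... for <user> from <ip>" lines above.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)"
)


def parse_events(text):
    """Parse sshd auth lines into dicts; unparseable lines are skipped but counted,
    so a reviewer can see how much of the log the parser did not understand."""
    events, skipped = [], 0
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        d = m.groupdict()
        # This syslog style carries no year; the parsed value is only used for ordering.
        d["ts"] = datetime.strptime(d["ts"], "%b %d %H:%M:%S")
        events.append(d)
    return events, skipped


def detect_brute_force(events, threshold=5):
    """Return alerts keyed by source address.

    An alert of severity "medium" is raised once a source reaches `threshold`
    failed logins; it is escalated to "high" if that same source later logs in
    successfully, which is the case a reviewer most needs to look at.
    Events are assumed to be in log (time) order.
    """
    failures = defaultdict(int)
    alerts = {}
    for e in events:
        src = e["src"]
        if e["result"] == "Failed":
            failures[src] += 1
            if failures[src] >= threshold and src not in alerts:
                alerts[src] = {"severity": "medium", "failures": failures[src],
                               "success_after": None}
        elif e["result"] == "Accepted" and src in alerts:
            alerts[src]["severity"] = "high"
            alerts[src]["success_after"] = e["user"]
    # Report the final failure count for every alerted source.
    for src in alerts:
        alerts[src]["failures"] = failures[src]
    return alerts


def review(text, threshold=5):
    """Run the full review: parse, detect, and return (alerts, skipped_line_count)."""
    events, skipped = parse_events(text)
    return detect_brute_force(events, threshold), skipped


if __name__ == "__main__":
    found, unparsed = review(SAMPLE_LOGS)
    print(f"unparsed lines: {unparsed}")
    for src, info in found.items():
        print(f"[{info['severity'].upper()}] {src}: {info['failures']} failed logins"
              + (f", then successful login as {info['success_after']}"
                 if info["success_after"] else ""))
```

The value of the routine is not the regular expression but the fact that it produces a short, prioritised output that a named person is expected to act on; the "unparsed lines" count is there so that a silent parser failure does not turn into the "no one was watching" problem the text describes.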