tag:blogger.com,1999:blog-6447283518071683105.post3575777096731990796..comments2023-04-02T10:17:04.631-04:00Comments on Forensic Incident Response: The clock is tickinghogflyhttp://www.blogger.com/profile/00741773109962883616noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-6447283518071683105.post-90055885522740791182008-10-20T20:55:00.000-04:002008-10-20T20:55:00.000-04:00Definitely. The corps ate up the OODA methodology...Definitely. The corps ate up the OODA methodology even though others initially scoffed at the idea. <BR/> <BR/><BR/>Response time is a definite limitation. "Temporal proximity" or as I've called it in the past a Window of Risk needs to be closed and detection needs to be faster. I had an incident recently that really reinforced OODA. Detection occurred rapidly, and response was initiated hogflyhttps://www.blogger.com/profile/00741773109962883616noreply@blogger.comtag:blogger.com,1999:blog-6447283518071683105.post-1743737997211628152008-10-20T20:36:00.000-04:002008-10-20T20:36:00.000-04:00We learned about the OODA loop while I was in trai...We learned about the OODA loop while I was in training the Marine Corps in '89, but it had been around a long while before then.<BR/><BR/>The fact is that most IR done today by internal staff is insufficient, due to lack of knowledge and training, and can end up exposing the organization greater risk than the incident itself.<BR/><BR/>To succeed, you need to tighten your OODA loop and get inside H. Carveyhttps://www.blogger.com/profile/08966595734678290320noreply@blogger.com