The knowledge gained from information security incidents should be used to strengthen and improve information security controls.
The purpose of this control is to enforce the obvious: learn from past mistakes and do not repeat them.
Many organisations either forget or assume that the same attack may happen repeatedly. An important notion to understand is that attackers have a limited set of techniques and methods of exploitation. An organisation doesn't need to wait to become the victim of an attack to understand the nature of the disaster. Keeping a list of possible attacks and learning from the mistakes of others is a vital practice. Ultimately, prevention is better than cure. Therefore, it is crucial to establish and maintain a list of past attacks that are still effective in the information security realm. However, the list should not be exhaustive, as some attacks might be obsolete against the latest technology.
AvISO will be updating and reviewing all the information regularly, so keep us bookmarked and keep checking!