Increased media attention on cyber incidents, strong data protection legislation and regulatory interest in security has brought increasing investment and progressive improvement in proactive security within companies.
This usually takes the form of a manager responsible for information security, and the introduction of technical security controls. However, I have seen companies struggle with optimising the use of these controls both in defending against attacks, and responding effectively to an incident when an attacker breaches these controls.
...
http://www.scmagazineuk.com/are-you-prepared-for-an-incident/article/293058/
