Schneier on Security

Incident Response Management Breaking New Ground

• SearchSecurity
• July 7, 2014

Bruce Schneier is one of the best-known security professionals both within the field and in the larger world of technology policymaking. He’s written 12 books, produces the influential "Schneier on Security" blog and is widely quoted in the press. After a multi-year stint at BT Managed Security Solutions, Schneier has moved to a startup: Co3 Systems. The new company, where he serves as Chief Technology Officer, makes a tool that focuses specifically on security incident response management.

"It’s software that allows companies to coordinate their response," Schneier says. "You put in your response plan—or if you don’t have one, it generates best practices. It knows the laws; it knows the regulations. You tell it who does what. And when an incident happens, it generates tasks, it follows up on them, and it makes sure that everything that’s supposed to get done gets done."

Schneier adds that the product’s record-keeping capabilities mean if there is subsequent litigation, you’ll be able to prove that your organization stayed within its policies and performed the tasks that it had committed to in its incident response plans. It makes a lot of the other tools you’re using to deal with incidents better, he says, "because it puts them in place where you need them, when you need them."