Here’s a really good…no, I take that back…a great blog post by Sean Mason on “IR muscle memory”. Take the time to give it a read, it’ll be worth it, for no other reason than because it’s valuable advice. Incident response cannot be something that you talk about once and never actually do; it needs to be part of muscle memory. Can you detect an incident, and if so, how does your organization react? Or, if you receive an external notification of a security incident, how does your organization respond?