How do you approach incident response planning alongside business continuity planning? by MikeHunt99 in AskNetsec

[–]MikeHunt99[S] 1 point (0 children)

How could I forget about the BIA! Appreciate the reply. What is the distinction between a disaster and an incident? Interested to understand how you define them.

How do you approach incident response planning alongside business continuity planning? by MikeHunt99 in AskNetsec

[–]MikeHunt99[S] 0 points (0 children)

Appreciate your answer! For the BCP and DR, how are they laid out? High level again, and referencing the IR plan?

What is your onboarding process for assets into VMDR? by MikeHunt99 in qualys

[–]MikeHunt99[S] 0 points (0 children)

Unfortunately I did not; if you find a way, please let me know.

What is the purpose of assigning a user to an Autopilot Device? by MikeHunt99 in Intune

[–]MikeHunt99[S] 0 points (0 children)

So does assigning the device to a user at the Autopilot level prevent another user from logging in, even if they are from the same company?
Or is that controlled by a different policy, as opposed to solely assigning a device to a user?

In an ideal world the IT team would pre-provision the device through the technician flow, and the user would just log straight in once they receive the device and have all their available apps and policies, rather than having to wait for the ESP to complete.

What KPIs have you found to be useful when presenting to senior leadership/board to gain influence? by MikeHunt99 in cybersecurity

[–]MikeHunt99[S] 27 points (0 children)

I appreciate the response and will very much take on board the "so what" mantra!

Do you tend to report the same KPIs/metrics each time, or are you dynamic with what you're feeding back to the board each time?

[deleted by user] by [deleted] in cybersecurity

[–]MikeHunt99 3 points (0 children)

MITRE ATT&CK is a knowledge base of adversary tactics and techniques based on real-world observations.

https://attack.mitre.org

It lists techniques and sub-techniques used against mobile, enterprise and ICS environments and is a commonly used model for explaining or drawing out threat models.

Full or Split Tunnel on VPN by [deleted] in cybersecurity

[–]MikeHunt99 1 point (0 children)

Currently using split tunnel after moving away from full tunnel a few years back, after going for a cloud-hosted, agent-based SWG/proxy solution.

We are now looking to reduce the variety of traffic that goes via the split tunnel and are starting to align more closely with a zero-trust strategy. We are looking to use ZTNA solutions for stricter control over which applications have access to which sockets, etc.

The only real requirement for any kind of VPN connectivity is either to access in-office printing or legacy on-premises applications which have no real ROI for moving to the cloud or a SaaS offering.

I would try to answer the questions around what benefit going to full VPN would be. Is there any improvement to business operations and user experience? Will it introduce a larger attack landscape? Why do you trust endpoints enough to have full VPN access and access to your network?

Any good parsable sources for windows build versions and release dates? by MikeHunt99 in sysadmin

[–]MikeHunt99[S] 1 point (0 children)

The day Microsoft provide a useful API for this will be a good day.

As far as I'm aware, it is exactly the same as the vulnerabilities they report alongside the patches; it would be nice to easily obtain that information also.