This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. From Events to Incidents As more data on computer forensics becomes available, many have come to realize that the resource cost involved in incident handling situations is fairly significant. In addition, staffing an incident handling team with the proper skills required to effectively carry out incident handling is quite challenge. This is even more of a challenge for many large organizations with sizeable network. As such, it is in their best interest to optimally deploy such scarce resource. As in the case of a less than optimized intrusion... Copyright SANS Institut