Wednesday, September 5, 2012

Preparing for Your First Security Breach

I recommend you take a few minutes to read this post about preparing for your first security breach by Conrad Constantine at Alien Vault.  He offers some good, personal advice that probably is not in your Incident Response Plan (you do have an IR plan, right???).

Some of my favorite recommendations he makes are:
Before anything else, no matter what field you work in during times of crisis you will see everyone's true colors brought forth - not least of which - your own. You will know more about yourself and your co-workers after the event than you ever did before.
[Senior executives] are going to require fast and decisive answers from you - welcome to their world - you will be asked to make quick assessments of the information you have available and be held accountable for them afterwards. 
Your first responsibility will be to create a complete and detailed timeline. [Note: I completely agree with this recommendation!]
Things are going to get a little crazy, requests become orders and niceties fall to the wayside.
 And maybe my favorite line:
In this day and age, it is an accepted truth that all organizations will be breached at some point - what is important is how you handle it.  
I am not a data breach expert, but I have been involved in a couple of breach or suspected breach situations.  The thing to remember are that nobody is going to be able to think clearly, so have a good plan.  Then develop your detailed timeline, document it, and maintain your sanity as best as you can.  Even if you are only on the periphery, events and people can get strange.

Read the article and maybe put a copy with your IR plan -- you are likely to need both at the same time.

No comments:

Post a Comment