In Depth

Incident Response: When Bad Things Happen to Good Companies

If you don't have a clear incident response plan in place, you risk losing millions of dollars.

By Simone Kaplan


Because every incident (and its potential effect on your systems) has its own particular traits and required responses, it's important to first get a grasp of the kind of incident-handling expertise your network staff and others on the team already have, says Walt Foultz, director of IT security for Farmers Insurance Group. "Incident response is not only a security activity," he says. "All sources of qualified and competent assistance must be assessed so you can be sure, collectively, that you have the skills to handle the job."

During the early stages of creating an incident response program, Foultz suggests surveying your potential team members to scope out the depth of their incident response skills and technical knowledge. Find out if anyone has a specialty, such as dealing with network probes or e-mail viruses. Foultz gives his own staff verbal pop quizzes to make sure they know their stuff. "One technique I use is to set up hypothetical situations, and they have to tell me what they'd do," he says. He also makes sure every staff member allocates a percentage of her regular work time to learn about the latest cyberincident trends and security technologies. "We do that with individual training and by disseminating internal research to the team through management and scheduled awareness sessions," he says.

How your team is structured depends on the skills and available resources within your company. Large companies often have response teams staffed with people dedicated solely to handling incidents, while smaller companies often create a team consisting of a core group of people from several IT and business departments who get tapped if something happens.

George Wade, Lucent Technologies' regional security manager for North America, recommends casting a wide net when choosing your incident response team. The ideal team should include members of your IT security team who know the company's networks, applications and systems inside and out. Don't forget to include representatives from other departments in the company. Not all CSOs will include people from media relations on their response teams, Wade says. "But if someone defaces your corporate website and reporters suddenly start calling, you'll understand very quickly how important it is to have a company spokesperson informed and involved," he explains.

Some companies decide to involve their disaster recovery or business continuity departments in their response teams. The reason is that other voices often prove helpful when things really go wrong and systems need to be shut down completely.
