In Depth

Ouch! Security Pros' Worst Mistakes

We've all done regrettable things on the job, but does any valuable wisdom come of it? Four security pros candidly explain their biggest blunders and what they learned in the process.

By Bill Brenner, Senior Editor


THE LESSON
"I learned that I really needed to work, on a regular basis, to maintain a healthy detachment. I also learned to pick up the phone. Rather than sending out those e-mails late at night, I should have waited until the morning to call everyone and deal with it on the phone. E-mails are a cold way of communicating, anyway, so I have become much more reliant on the phone now. Also, it was difficult to go meet with him in person that morning, but I have learned that you reduce the damage if you are willing to accept responsibility and meet the mistake head-on."

2. TRIAL BY FIRE (AND FLOOD)

  • Mistake maker: Jennifer Jabbusch (and colleagues)
  • Position: CISO at Carolina Advanced Digital, Inc., security blogger
  • Location: Raleigh-Durham area, North Carolina
  • The incident: Found out the hard way that one shouldn't neglect business continuity planning

"I would have to say the biggest mistake has been the sin of 'priority pass-over.' When we sat down to review and revise policies for our data security and business continuity, we updated our procedures for discovery, data classification, retention, backups and continuity. We had each of these items in place, but wanted to structure them a bit more and come up with a more definitive schedule for verification.

"[But] with all the hustle and bustle happening, customer projects and service deadlines, we got caught up in other 'to-dos' and didn't complete our changes to comply with our new policies. Of course, the possibility of losing all your data, equipment and PCs is a huge concern, so revising our backup scheme should have been (and was) a priority. But the customer projects were more in our faces and they got the attention first.

"A couple of weeks later, the unthinkable happened. We had a fire AND a flood in the office. The fire, which was started in an unused portion of the old warehouse above our space, caused the sprinklers to go off. And there were lots of them. It might have been okay, but the sprinklers didn't stop. The water flooded into our office space. Ceiling tiles came crashing down and the floor was covered with 8 inches of water, burnt chunks of wood were falling through and just about every piece of equipment was ruined. It was Easter Saturday. I'll never forget the call that morning, or the feeling I had when I walked into the dark water-logged building. It was such a mess.

CSO
