X-Force Advises – Don’t run around like your clothes are on fire
Meg Swanson | Tags: security, botnet, x-force, threat
I have had the distinct honor of working with the IBM X-Force team since 2006, and manage security marketing for IBM across all of the various brands that contribute to build our overall security story. Twice a year, the X-Force team compiles all of the research, data, trends, myths…that are relevant within the Internet security landscape and publishes its recommendations for staying ahead of the threat. This year’s mid-year report launched today (read it here) and covers a whole host of topic areas. One area that deserves the spotlight is the IBM Emergency Response Service section tucked away in pages 54-57. This portion of the report encapsulates what the IBM Emergency Response Service (ERS) would tell you if you were to grab a cup of coffee with any team member and ask, “If you were me, how would you set up your incident response process?”
It is the what-do-you-do-after-you-get-breached section, more professionally referred to as the Computer Security Incident Response Plan (CSIRP), and it dives into key details such as ensuring that you have discretionary expense not just for the large items but for little things, like buying a $50 flash drive for the IT recovery team. It also covers making sure to create back-ups, save restore points, and document and capture information along the way, so that if a seemingly minor event begins to escalate into a full-blown incident you’ll have the forensic information to identify the original source and path. You’ll also need a shift-change and meal plan for the response team working 24/7. As one IT director reminded me, while most IT managers run on caffeine and nicotine, the majority are not trained to do their best decision making at hour 22 without at least a few slices of pepperoni and a Mountain Dew.
I would categorize this section as a must-read for anyone in IT, whether you are focused on security or not. It can serve as a great reference and checklist for your information security response plan. You can also use it to raise awareness with your management team about critical items to consider in developing and updating incident response procedures and policies.
And yes, as the title of this post alludes to, one of the pieces of advice from the ERS team is to remain calm in the unfortunate event that your organization becomes a target. There are loads of other great sections in the report about mobile security, botnet takedowns, application and OS vulnerability trends, etc. But I wanted to draw particular attention to a topic that is perhaps not the most glamorous, yet remains one that should absolutely make its way into your next security strategy discussions.