Tuesday, January 28, 2014

Are You a "Target"? - Incident Management (part 2)

   I'm calling this part 2, but it's really the third in a series covering the consumer and enterprise sides of incidents and breaches.  This is always an important infosec topic, but the recent, highly publicized issues affecting Target, Neiman Marcus and, as we're told, 3 other organizations to be named later bring it to the forefront.

   Many say that it's not a question of if we will suffer a breach, but when and how we will suffer a breach.  And yet there are organizations that consider this an optional capability.

   Last time we talked about the first two parts of the Incident Management program: Prevention and Planning/Preparation.

   Next is:
Communication. So these groups know their roles:

Tuesday, January 14, 2014

Are You a "Target"? - Incident Management (part 1)

   It seems that every few days we get additional news about the Target breach.  There has been plenty posted about this, including articles here, here and here.  And, unfortunately for my colleagues at Target, I don't think we've heard the last of this.

   Last time I talked about the consumer side of the issue, and how individuals should protect themselves from the effects of an information breach.  Today we'll look at the corporate side... Incident Management.

   Incident Management is a critical part of any information security program.  I don't think there's any governance framework that doesn't include this important topic.  I'm a fan of the way NIST lays this out in SP 800-61, with a few modifications.

   In boxing and martial arts, the saying goes: the best way to avoid getting hit is to not be there.