Stoplights do a pretty amazing job at managing the flow of traffic, and preventing complete chaos on our streets. Imagine, though, what a mess things would be if the light turned red and nobody responded?
Security monitoring and alerting works the same way. The tools in place might do a tremendous job at detecting security events, flagging suspicious activity, and issuing alerts. But, if nobody pays attention to the alerts, and nobody does anything in response to the alerts, and the alert is not escalated to the appropriate group or individual to address and resolve the issue, you may as well not have the security monitoring tool in the first place.
At the RSA Conference earlier this year, Winn Schwartau presented a session that talked about effective incident response and escalation through the lens of his experience working in the music industry. I wrote about Schwartau’s presentation in this blog post:
Security incidents are inevitable. The challenge organizations and IT admins need to address is how to effectively and efficiently respond to them when they occur. Incident reporting, and the process for escalating issues to make sure they get the appropriate attention, is crucial for minimizing the fallout from a security event.
An interesting presentation this year at the RSA Security Conference in San Francisco was from Winn Schwartau. Winn is the founder of The Security Awareness Company. Many people at the presentation may not have realized that Winn actually started out in music recording and promotion. His presentation, “I Survived Rock n’ Roll—The Show Must Go On,” drew a number of parallels from his experience in the music industry and explained how the lessons he learned there helped him develop effective incident response processes for cyber-security as well.
Winn had the honor of working with a number of very famous artists such as Stevie Wonder, Bob Marley, Liza Minnelli, and Jimi Hendrix. What he learned is that the best-laid plans often fail, that you have to be prepared for problems to arise, and that it’s often important to think outside the box to solve these problems.
Read the full blog post here: Cyber-Security Incident Reporting and Escalation.