Thursday, March 05, 2009

Cyber Stress Cases

Earlier this week I attended an IANS Mid-Atlantic Information Security Forum. During the conference Phil Gardner made a good point. He noted that the ongoing credit crisis has fundamentally altered the world's perception of business risk. He said the changes to financial operations are only the beginning. These changes will eventually sweep into information security as well.

This reminded me of the world's reaction to 9/11. The day the attacks happened, I was working at our MSSP. Some of my customers called to ask if we were seeing unusual digital attacks against their systems. That really surprised me, but it emphasized the fact that 9/11 introduced a new era of security-mindedness. I believe that era has largely passed, but for the better part of this decade 9/11 stimulated security thinking.

I watch as much CNBC as possible (during lunch and dinner) and I am hearing the term "stress cases" repeatedly. This is not the same as Treasury Secretary Geithner's "stress tests," but it is related. Businesses are essentially planning for various levels of financial stress. In other words, they analyze how their financial operations would fare if their assets were worth 50% of book value, or 40%, or 30%, and so on.

From a digital security standpoint, that sounds like incident response planning. You make plans for various contingencies and decide how to handle them. I think this will manifest itself when you hear your CxO ask "what will you do if X, Y, or Z happens?"

Richard Bejtlich is teaching new classes in Europe and Las Vegas in 2009. Online Europe registration ends by 1 Apr, and seats are filling. "Super Early" Las Vegas registration ends 15 Mar.


Anonymous said...

Informative/Interesting Article

Ref: (See also Richard Bejtlich's Incident Detection, Response and Forensics.)

Security Implications of the Humble Computer Clock
By Simson Garfinkel, CSO, 3/04/2009

Anonymous said...

Correct URL

Keydet89 said...

...sounds like incident response planning.

If it walks like a duck, quacks like a duck...

This has been necessary for a while. Once a CSIRP is in place, you have to test through it. The Navy has "shakedown" cruises for their ships to work the kinks out...the same holds true for CSIRPs. Marines know that thanks to Murphy and the "fog of war", the best plan goes south as soon as you cross the "line of departure", so you need to test your response plan just like you do your disaster recovery plans and even your backup/recovery process. A great way to do this is to have an experienced incident responder walk your team through mock incidents, from whiteboard exercises all the way to an actual incident.