August 7, 2009 3:47 PM
Posted by: Arian Eigen Heald
"How Do You Know?",
Adventures in Auditing,
Data Breaches,
Incident Response,
information securityI finally asked that deadly question: "What do your Incident Response Procedures say?" Whoops, there goes all the buddy-buddy geekiness: I have morphed into The Auditor Who Asks Questions.
"Umm, well, they pretty much say to do what we just did." I notice the vagueness of the reply,...
July 31, 2009 4:25 PM
Posted by: Arian Eigen Heald
Data Breaches,
Incident Response,
information security,
information security policyThe problem with being a "geek" is that we truly love to tinker, to fix, to improve, to test....etc. So when you announce to a bunch of us that a website on the network has been broken into, there's lots of leaping into action.
Which is exactly what you don't want to do. At all.
While...
June 29, 2009 8:19 PM
Posted by: Arian Eigen Heald
Incident Response,
IRT,
Physical SecurityI recently attended a seminar at a well known southwestern school on building an Incident Response Team. During the discussion about Team membership, management oversight of the Team and related responsibilities, I noticed that the membership of the Team and the Oversight Committee was lacking...
