Skip to content

Incident Management: One Team, One Fight

June 7, 2011

As many of us are aware through real world events, it is not a matter of “if” the threat (outsider or insider) will compromise your network and its data, it is a matter of “when.”  Accepting this scenario, an effective incident management process is necessary to address a threat intrusion that is rooted in incident definition, organization, process, tools, plan, and ownership and focuses on the “when.”  This blog entry only addresses one aspect of an effect incident management program, the structure an organization should use to monitor and respond to an incident.

For the sake of discussion, assume an organization has already purchased an effective tool –or an integrated set of tools – to monitor their network.  Too often, I see organizational charts that separate IT operations and security teams.  If you look deeper you find not only walls between the two teams, but you also they use different tools; and they do not share information well.  To be effective against the threat and to respond to operational requirements, neither team can work in isolation and must work together with the forensics team to resolve threats to the network.  Not working together only encourages the threat and perpetuates the duration of the intrusion and the exfiltration of data.

So, when defining or maturing your incident management plan, you need to follow top-rated incident management organizations and recognize that when you put together the monitoring and response pieces of your incident management plan, it is truly “one team, one fight.”  Vertical cylinders of excellence in organizations are never effective at resolving incidents and may even perpetuate them.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: