March 2010 Archives

SOURCE Boston is one of my favorite information security conferences. It is not to say that  other conferences are not good, but SOURCE has the benefit of being relatively close by (New York - Boston is not that far), and the conference is not massively large. As a result, there is excellent interaction between the crowd and the speakers, which is something I appreciate a lot.

Unlike last year, I will most likely not be presenting a full talk. Instead, the organizing committee has asked me to design and moderate a workshop on professional development. Of course, I accepted this invitation gladly, and we are now working to design the session.

To get started in the information security field is not easy. As shrdlu put it recently, information security is a highly specialized craft and practitioners need to get their feet wet before they can truly transition into it. The session at SOURCE Boston will be highly interactive. We'll begin with a  15 minute panel session that should set the stage for the remaining time.

The remainder of the time will take the form of a workshop in which we'll discuss topics like setting realistic goals, identifying relevant work opportunities and building a personal network. We'll also talk about what it is like to be a mentor, and what it takes to be successful as one.

We hope to cover an audience that may range from graduation college seniors to individuals who have been established in a professional environment. If you are interested in learning more, or if you have suggestions to make this session even better, please drop me a line and we'll talk.

More information about SOURCE Boston is available on its web site.

The purpose of having a written incident response plan is to enable an organization to move from being reactionary to (perceived) information security incidents to being well-prepared and able to respond in a way that has been previously determined.

Having a well-defined response plan in place avoids panic, and allows an organization to assess the impact, determine the proper response, and then execute what needs to be done. As a result, response activities will be appropriately scaled and cost-effective as much as possible. It will also ensure that adequate documentation is maintained so that lessons can be learned when the dust has settled.

One activity that an information security manager should never underestimate is the effort that must be deployed to communicate the incident response plan within the stakeholders and obtain buy-in among all those who are affected by it. The plan must be reinforced regularly, either through scheduled reviews and discussion in plenary meetings, or by doing actual drills and exercises.

In an organization that is heavily driven by audit requirements, you probably want to collect some form of sign-off to ensure that all members of your team, as well as key constituents, have read the document and taken note of it.

An incident response plan is only useful if everyone who is affected by it knows about it. Do not fall into the trap of developing a plan and not communicating it. Also avoid the mistake of not developing one all.

Like last year, Fordham University and the New York FBI office are co-organizing the international conference on cyber security. The conference will be held in August in New York City. If the program resembles last year's, it is going to be an interesting event for anyone who works for/with law enforcement on cyber-related cases, and for security professionals with an interest in investigations.

The ICCS 2010 web site is located at http://www.iccs.fordham.edu.