
Sunday, January 4, 2015

Get Wisdom as Cheaply as You Can

Happy New Year!

I recently posted the below on the SANS Internet Storm Center site.

A long time ago I was given advice from a non-security professional that is among the best and most influential I have received in my security career - “Get wisdom as cheaply as you can”. I was encouraged to learn from the mistakes of others as a means to avoid the full pain of what they were forced to experience.

There are so many places where you can get your lessons learned without having to suffer through an outage or a security incident. You can learn from news articles or breach disclosure reports such as the Verizon Data Breach Investigations Report (http://www.verizonenterprise.com/DBIR/) and Mandiant M-Trends (https://www.mandiant.com/resources/mandiant-reports/). Create case studies based on these sources that your incident response team can use to conduct tabletop exercises. This preparation exercise will help you determine if your prevention and detection capabilities would be effective if faced with these scenarios.

To get you started, here is an example when I failed. I thought it would be a good idea to scan a special internal network segment unannounced with unauthorized equipment. This caused a full and unplanned incident response. I discovered what happened and quickly notified the team of what I did and how sorry I was for causing this incident. Most everyone was gracious and everyone was relieved this was not a real incident. I have not forgotten this lesson and have since put checks in place to make sure it does not happen that way ever again. In addition to learning to only use authorized scanning equipment, I learned the importance of notifying all impacted system and application owners before performing any scans.

Learn from the misfortunes of others. By getting wisdom as cheaply as you can, you are given the opportunity to not have to learn the “hard way”. What lessons have you learned and how have you applied them?