In Security Response, Practice Makes Perfect

We've heard it many times in many forms -- expect to be breached, expect that you've been breached, expect that you are being breached.

1 2 Page 2
Page 2 of 2

To this end, data integrity has become a component of a number of industry guidelines, government regulations and other internationally published standards. "Take financial institutions," says Gault. "They are bound to numerous data integrity requirements, so it is critical for these firms to have a secure audit trail around all aspects of their financial transaction histories; an audit trail that will stand the test of time, stand up in a court of law, hold up against regulatory scrutiny; an audit trail that cannot be manipulated by insiders, even when they maintain trusted access to core financial systems."

And of course when you have it all mapped out, it's important to execute the plan. "Companies must put their plans to the test, conducting table-top exercises for key scenarios the companies expect to encounter," Aldridge added.

As with anything specialized and complicated, practice makes perfect. Therefore, successfully getting through the response process takes practice. "You play the way you practice," said Henry during his keynote. "Training exercises are critical -- organizations need to conduct table-top exercises so that when things go bad within the process they know how to react to different situations."

When it comes to security response, it might be good advice to follow the guidance contained in the Ulysses S. Grant quote that Henry referenced at the conference: "The art of war is simple enough. Find out where your enemy is. Get at him as soon as you can. Strike him as hard as you can, and keep moving on."

An additional thought worth considering can also be attributed to Grant: "In every battle there comes a time when both sides consider themselves beaten, then he who continues the attack wins."

Don't give up. Don't give in. Don't get even. Just get back to business.

Sean Martin is a CISSP and the founder of security consulting, research and analysis firm imsmartin. Write him at

Read more about wide area network in Network World's Wide Area Network section.

This story, "In Security Response, Practice Makes Perfect" was originally published by Network World.

Copyright © 2012 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Discover what your peers are reading. Sign up for our FREE email newsletters today!