Offense Wins Games... Defense Wins Championships: Tips to Build Your Security Game Plan
January 27, 2015
Avid sports fans from around the country are eagerly awaiting the much anticipated Super Bowl match-up between the New England Patriots and the Seattle Seahawks this Sunday. As fans prepare by stocking up on snacks and putting their beer on ice, the Super Bowl bound teams are “in the zone” preparing for one of the biggest games of their careers.
To be a Super Bowl champion you need to study the offense and be prepared with a flexible defense. In years past, organizations had incident response scenarios they relied upon to prepare for breaches. Today there is no “playbook” for the defense. The old school book on security just doesn't work anymore.
Like any great NFL team, today’s organizations need to have different plays and highly trained teams to react to unforeseen offensive plays. There are thousands of offensive scenarios, but with focus, training and planning you can counter any new offensive play.
The same tactics football teams apply before, during and after the big game can be used when building a business-aligned security program. In this three part blog series, we take the position of the defensive coordinator and give you tips to determining a successful game plan for your information security program.
Part 1 – Preparation
Preparation is Key
When preparing your security program for execution, regardless of the maturity of your program, preparation is the key to success. Understand the strengths and weaknesses of your program and match them to the real threats to your business.
Study Film – Your Team
Start by understanding the culture of your organization; do you have a more risky organization willing to go for it on “fourth and one”? Or are you a conservative organization practicing safe play calling? It is important to understand your executive team’s view of security; this allows you to align your program to your organization’s culture to ensure the proper controls are in place.
Understanding the maturity of your organization helps you determine how much diligence is needed to ensure your IT environment is properly executed, controlled and monitored. Don’t assume your team is practicing hard and meeting curfew. Test their skills and help them understand the importance of training and preparedness.
Study Film – The Opponents
Staying informed on the current tactics being deployed is vital to a good offense. Did they do something different in the last game? Is there a play used earlier in the year they may execute against our defense? Most of the techniques attackers are using today are not truly new – they are exploits and tools that have been used in the past. Attackers have changed their tactics on attacks and are trying a “wildcat” play to fool the defense. It is important to get regular briefings on the latest tactics being used by the attackers.
Continually adjusting and measuring your threats allows you to reverse engineer your opponent’s plans to help you harden your defenses and streamline your security investments. Mapping the specific people, process and technologies to counter the threat is the most effective process. Figure out your opponent’s most likely course of action. If you can anticipate their plays, you may be able to prevent attacks by shutting down their most likely or most damaging routes. Awareness and monitoring of your opponent’s tactics is essential to reducing risk, responding to trick plays and anticipating their next move.
Complete a full strategy assessment of your security program to understand the strengths and weakness of each security service. Do you have the right processes, enabling technology and personnel that are trained to execute? A great defense wins championships!
Elevate Your Playbook
Refine your playbook with the recon you have gathered on your opponent, and your organization’s culture and maturity. Ensure your security strategy is aligned to the overall business. Obtain executive buy-in on the plan to ensure your head coach understands the value of your program and the risk trade-offs.
Build Your Contingency Plan
A solid and documented incident response plan is vital. Ensure that the plan is realistic and can be executed by the team based on your bench and the technology you have available. Focus on using the most effective personnel and train them on the procedures.
Think Outside the Norm
Using canned plays against your opponent will leave your organization vulnerable; utilizing the standard risk assessment or a static incident response team only will not set you up to see the big picture. You have the jumbo video and game time pictures; be prepared to use them while in the game.
Make sure you have focused a significant part of your new investments on visibility into your operations. The average amount of time it takes for an organization to detect a breach is 230 days. A team cannot depend solely on the safety position; if the running back is in the secondary before your line heard the hike you will be giving up a lot of yards on defense. Dig deep into the strategy of the game to reduce your risk. You need to be ready to call an audible and read the offense as the play happens.
Optimize the Bench
If your bench is hurting because of injury, acknowledge it. You must understand the level of maturity of your IT resources and technologies in order to protect vulnerable areas more efficiently. Don’t forget about trades if you need to upgrade a position.
Your stars have a target on their back, protect them. There is a high demand for good security professionals. Make sure you are keeping each person’s job interesting. Understand their personal needs and how to reward them best. Money is a temporary motivator; if you want long-term loyalty motivate them through recognition and new challenges. What are their long-term goals? Do they want to be on the defensive line, safety, tackle or defensive end?
Map your overall team to identify the depth of your bench; identify those players that are key to the success of your business and would be crippling if lost. Don’t forget about game-time injuries and have a plan for who you could substitute for the starting position. Think through a rotation for the game to keep your players fresh on the field. Make sure you have a plan for local lodging and transportation for your incident responders if the game goes into overtime.
Game Time – Final Preparation
Once the film is put away, your playbook is bound and approved by team leadership, and first string is identified and briefed, it is time to execute on your plan of attack. Your plan should defend the critical information assets by ensuring that you have the necessary security controls in place to protect your most critical resources. Part two of this blog series will dive into what it takes to have a successful game day with the implementation of your security strategy.