
Offense Wins Games... Defense Wins Championships: Tips to Build Your Security Strategy. Part Two - Game Day!

January 29, 2015

During the first part of this series we explained that in order to be a Super Bowl champion, you need to study the offense and be prepared with a flexible defense. In years past, we had incident response scenarios that we relied upon to prepare for breaches. Today, there is no “playbook” for the defense. The old school book on security doesn't work anymore.  

Now it’s game day for your team. They have gathered in the locker room for pre-game meetings, rituals and pep talks by fellow coaches and team captains. The time has come for them to execute on the game plan that has been laid out, practiced and approved by team management. The adrenaline is pumping … scenarios of how the game will play out are running through the heads of the coaches, players and fans. Will the preparation be enough?

When the time comes to implement the people, process and technologies set forth and approved for your business-aligned security program, preparation will not be enough; game-time decisions, team agility, following the rules, zone protection and remaining calm, cool and collected are all a must. The following tips will help you implement a successful program regardless of what trick plays come your way.

Part 2 - Game Day!

Pre-game Warm-ups 
Make sure you reiterate the game plan to your defensive staff and team at your pre-game meeting. Restate the team’s targets to make sure they understand the plan to protect against the opponent’s attacks, where the attacks are likely to come from, and how they can stop them. Go through additional training with your second- and third-string players in case of injury. Review the defensive formations, ensuring your players see the full team picture but also understand their individual responsibility and its importance to your team’s success.

Recognize the Rules
Football is a game of inches; sloppy fouls can really cost you. Government and industry regulations change frequently and impact each security program. These regulations must be taken into consideration, although they should not be the end-all-be-all for your security program decisions. Following government and industry regulations can keep you out of hot water, and provide value when you need to go to your leadership for added budget (if it is sold as a control required for compliance). Remember that compliance with regulations doesn’t mean security. Concentrate on winning the game with a strong security program focused on the risks; don’t be overly obsessed with calling plays based on regulations or you could lose the game.

Protect the End Zone 
Your opponent is after one thing: your end zone. You must protect it at all costs. In your game plan, you made sure your team understood that you needed to “batten down the hatches” to keep the enemy from scoring. Make sure you have done a good job identifying your company’s crown jewels. Where is the important information? How sensitive are our systems to an outage? Guard your end zone through network segmentation, keeping systems patched, and using endpoint protection to ensure you have your players lining up in the right places for the best defense.

Keep an Eye on the Game
The coaches are in the skybox to keep a broad perspective of the game. They use instant replay, pictures of the offensive plays, and injury reports to stay on top of the game while it is in progress, and they adjust their defenses accordingly. Adopt a similar strategy and use available tools to give you visibility into your systems. With the average breach going undetected for more than 230 days, you need to keep a wide view of the playing field. Always be alert for the trick play (e.g. a DDoS attack to mask exfiltration of your data). Use your advanced analytics, forensic capabilities, data leakage alerts, firewall alerts and the jumbotron of security: your security information and event management (SIEM) system.
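
As an added illustration (not part of the original post), the sketch below shows the kind of correlation rule a SIEM can apply to the trick play mentioned above: outbound transfers far above a host's baseline are always reported, and are escalated when they coincide with a DDoS alert. The event fields, host names, baselines and thresholds are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample events, not real logs: (time, sensor, kind, host, bytes_out)
EVENTS = [
    ("2015-01-29T13:00:00", "firewall", "ddos_alert", "web-01", 0),
    ("2015-01-29T13:04:00", "dlp", "outbound_transfer", "db-07", 4_200_000_000),
    ("2015-01-29T13:06:00", "dlp", "outbound_transfer", "hr-02", 30_000_000),
    ("2015-01-29T18:30:00", "dlp", "outbound_transfer", "db-07", 5_000_000_000),
]

# Assumed typical bytes per outbound transfer for each host.
BASELINE = {"db-07": 50_000_000, "hr-02": 40_000_000}


def correlate(events, baseline, window=timedelta(minutes=15), factor=10):
    """Report transfers above factor x baseline; escalate those near a DDoS alert."""
    parsed = [(datetime.fromisoformat(t), s, k, h, b) for t, s, k, h, b in events]
    ddos_times = [t for t, _, kind, _, _ in parsed if kind == "ddos_alert"]
    findings = []
    for t, _, kind, host, sent in parsed:
        if kind != "outbound_transfer":
            continue
        # Hosts without a baseline default to 0, so any transfer from them is reported.
        if sent <= factor * baseline.get(host, 0):
            continue
        # A noisy DDoS is a common distraction; overlap raises the priority.
        masked = any(abs(t - d) <= window for d in ddos_times)
        findings.append({
            "time": t.isoformat(),
            "host": host,
            "bytes_out": sent,
            "priority": "critical" if masked else "high",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(EVENTS, BASELINE):
        print(finding)
```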

Agility is Key
As the game progresses and new information becomes available, you should adapt your play calling. Be sure to make adjustments or updates to your controls in real time. If your threat intelligence indicates a change or new vulnerability, you will need to create new rules and feed those rules to your deep coverage zone defense, a.k.a. your intrusion detection systems and security information and event management systems. You can call an audible when needed; use it!

Prepare for a Comeback
Games don’t always go your way. Remain calm if you are down on the scoreboard or the officials make a questionable call. Stay confident – you cannot execute a comeback in a panic. Even with the best preparation, things can and will go wrong. If you find yourself behind on the score, you should have a strong incident response plan to execute. This plan must include a process for identifying the nature of the incident, containing the identified problem, remediating it, and using proper post-incident communication channels to ensure understanding and create a strategy to move forward. A recovery plan is key if you intend to make that comeback.

In the last part of this blog series, we will explore the post-game analysis: lessons learned from reviewing mistakes, and refining your game plan based on retroactive knowledge and the potential plays your foes are planning next.
