Skip to main content

Offense Wins Games... Defense Wins Championships: Tips to Build Your Security Strategy. Part Three - Post-Game Show

February 26, 2015

The preparation took months and a lot of blood, sweat and tears went into reaching the championship game. It’s over in a blink. The fireworks go off, trophies are handed out - and you hear it all from a silent locker room. 

Part one of this series was all about the preparation. You studied your opponent’s films, optimized your bench and created your playbook. Game day came along in part two. You and your team had to make game time decisions based on your rival’s actions. You had done everything right to prepare and execute on your plan. But in the final 30 seconds of the game, your head coach decided to throw a slant pass on the one yard line despite the fact that you have the best running back in the league. Game over. You’ve been breached. 

It has taken all of us some time to dissect what went wrong – the remediation plan, the internal and external communications strategies, and the plan going forward to the next season. In the third and final segment of this blog series, we are live from the post-game show, reporting on the steps that need to be taken after a breach has occurred. 

Part 3 – Post-Game Show

After a loss you ask yourself, “Where did we go wrong? How do we make sure this doesn’t happen again? How do we deal with the negative press and our upset fans?” The time has come to initiate your incident response plan. 

Identify Clear Areas of Failure 
Review your film to figure out where you went wrong through root cause analysis. Break the game down play-by-play; analyze the data for the events and gaps that led to the failure. Then, identify the factors that should be addressed to reduce the risk of future incidents. 

Prepare to Answer Questions 
Questions are going to be coming your way, so be ready to answer the hard ones. Pulling from our How to Survive Breach Failure blog, be sure to ask yourself and team, “Where did we go wrong? What has been affected? How do we communicate internally and externally? How do we measure the success of our IR Plan? Are there regulatory or compliance requirements that specify how soon after a suspected breach we must report the incident?” And get ready to answer, “Why am I paying you? How in the world did you let this happen?” Stay calm; don’t let the negative energy drive emotional decisions. Stick to the plan. 

Update the Game Plan
Learn from the loss or the win. Don’t get complacent or go back to doing the same thing. Look for inefficiencies in your people, processes or technology and optimize to win the next season. Adjust your plan based on the lessons learned and then communicate to your team, giving special attention to those who didn’t follow the process. Upgrade any faulty technology. Prepare for the draft; get ready to make personnel changes or modifications to your players’ training regiments. Consider if equipment is needed or missing, and validate your needs for budget approvals.  

Team Huddle
After a breach, bring your players together; after all you are still a team. Hold an official debrief with your team and any executives that must be engaged to review what has happened, the effect, the improvements that will be addressed, and how future incidents will be reduced to lead to success. The post-mortem review is important regardless of whether or not you won this game. True leadership is shown by your actions after the game.  Prove that you have the ability to be gratified by the good plays and learn from the bad ones.  

Communicate to Your Fans and the Media
You have the responsibility to communicate to the public, your company stakeholders and employees. Be sure to include the appropriate channels to ensure proper, relevant and impactful communication. Be prepared with your legal team to address legal activity as appropriate. Your brand is vital, and your fans and the media drive your reputation.  Be sure to take the communication very seriously, appear confident and act deliberately – not panicked or emotional. They are counting on you for another season. It is important they trust you to lead the team to victory next year.

Prepare for the Upcoming Season  
You have documented your mistakes and lessons learned. You met with your team to discuss the problem areas and the plans for improvement. You followed your subscribed incident response (IR) plan and continue to optimize your process, personnel and playbook. It is time to get back to work – looking to the next season. Be sure to keep a sharp eye, the enemy is coming after you again. Watch out for new threat actors and the up-and-coming threats; the season will come again and that championship game will be back within reach. 

In this three-part series we dissected the pre-game plan, game day and post-game. In the pre-game we prepared our team, studied our films and those of our opponent’s offense. We built our playbook and our IR plan in case something went wrong, and we optimized our bench with the best people, processes and technology. On game day, we warmed up and were ready to execute on the plan with agility, playing by the rules, protecting our end zone and preparing for a comeback. No matter the preparations or the game plan execution, it’s not “if” or “when” a breach will happen, it’s “where” you have been breached. In this final part of the series we executed on our IR plan, updated and refined.  

While the theme of these blogs used football as a fun way to think about our security strategy, the subject is very serious. With mega breaches becoming common, it is easy to become complacent with “breach fatigue.” As a profession we need to continue to challenge ourselves each day to get better by improving our defenses, gaining visibility into our systems and leading with incident response management.  

Related Blogs

January 27, 2015

Offense Wins Games... Defense Wins Championships: Tips to Build Your Security Game Plan

Avid sports fans from around the country are eagerly awaiting the much anticipated Super Bowl match-up between the New England Patriots and the Seattl...

See Details

January 29, 2015

Offense Wins Games... Defense Wins Championships: Tips to Build Your Security Strategy. Part Two - Game Day!

Now it’s game day for your team. They have gathered in the locker room for pre-game meetings, rituals and pep-talks by fellow coaches and team captain...

See Details

March 08, 2018

Part 2: Frameworks in Context: The Business-Aligned Information Security Program and Control Frameworks

In part 1 of this series, we provided insights responding to the frequent question regarding control frameworks and their place in the security strate...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

January 23, 2015

An Intelligence-Driven Security Program | Optiv

Threat intelligence is a term that causes some people to roll their eyes – mainly because they’ve been relentlessly bombarded with the typical hype an...

See Details

December 10, 2014

Building an Information Security Program from Scratch | Optiv

The unfortunate reality of today’s business world is that information security breaches are an everyday occurrence. A quote that is thrown around in t...

See Details

November 21, 2014

Strategy and Tactics: Penetration Testing in the Security Program

In the war of information security, the eldritch horror of knowing resides in the bowels of the vulnerability scanning report. Before, you might have ...

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.