Every Solution You Can Imagine – and More
What cybersecurity solution do you need? From Zero Trust to ADR, IAM, risk/privacy, data protection, AppSec and threat, securing digital transformation, to resiliency and remediation, we can build the right program to help solve your challenges.
A Single Partner for Everything You Need
Optiv works with more than 450 world-class security technology partners. By putting you at the center of our unmatched ecosystem of people, products, partners and programs, we accelerate business progress like no other company can.
We Are Optiv
Greatness is every team working toward a common goal. Winning in spite of cyber threats and overcoming challenges in spite of them. It’s building for a future that only you can create or simply coming home in time for dinner.
However you define greatness, Optiv is in your corner. We manage cyber risk so you can secure your full potential.
Lessons on Proactive Incident Management From… the Packers?
Leaving it to chance, isn’t a best practice
Information security and professional football don’t appear to have much in common. Fantasy football and information security probably have more in common but still, it’s not a lot.
We are weeks into the NFL season and so far, my fantasy team is very average. I am not complaining because I took some risks this year. The biggest being I opted to deal with the auto-assigned picks of players to make up my team, missing the live draft. One of the greatest challenges this season is determining which players I need to replace and who to start each week. Right off the bat, I was set back, as three picks turned out to be suspended or injured. The other challenge is adjusting for week 8, when half of my team is on their bye week.
Long story short, my fantasy team is kind of a mess.
I started working on this blog while watching my beloved Green Bay Packers take a hard loss to Washington in week three. During the game, I started to think how everything regarding my fantasy team was left to chance. Soon enough, I began making comparisons between football and incident management, including the work that should go into preparation for an incident.
Incident Management Strategy – In many organizations, this is the most overlooked step. We tend to see less mature organizations completely skip this or simply neglect to document the long-term strategy for incident management. It is unfortunate that organizations skip this step, as it provides an opportunity to track and highlight progress over the years. This also allows the incident management structure to get in front of other business units. Some of the items to consider in the strategy are:
You will not find any professional football team without a strategy. They typically have this planned out for three- to five-years and are continuously adjusting their strategy to meet the target for next season’s needed improvements.
Incident Management Plan – This is where most organizations begin Incident Response (IR) efforts, hopefully well before an incident. The typical first-level effort is to search online for an IR plan template and quickly modify it to suit their specific needs. In the beginning, this sounds like a quick and easy win. However, this often means hours and resources spent meeting with other departments, documenting, and potentially navigating internal political obstacles to customize the plan. A plan is going to be your key in responding to an incident. A hastily developed plan can have disastrous consequences. Some considerations for your plan:
Incident Management Tabletop Exercise – This is exactly what it sounds like. The participants for a tabletop include your technical resources and often includes executive leadership, legal, human resources and other business partners. You want the right mix of individuals to respond to the scenario that your team is being tested on. For example, if the scenario developed includes an insider threat, you will definitely want human resources to be involved. It is recommended teams conduct a tabletop at least twice per year to continue improving their response efforts. It is also just as important to have at least one of those tabletops facilitated by an external party with experience in IR. This can help uncover unconscious blind spots.
In football terms, I believe preseason games most closely align with tabletops. The team is there to test their players, the playbooks they have developed, and fine tune their plan for the season. In football, we know when the season is going to kick-off, where within incident management we never know when the incident is going to happen. But we know it will happen at some point.
My middling fantasy football team will adjust. I’ll take stock each week of the options I have with my players, craft a game plan based on my opponent, and execute my strategy using the tools at my disposal. But just like in security, preparation can only get one so far.
Chance is always a factor. But ask any winning organization what their secret to success is and they won’t tell you “we just got lucky.” Preparation, planning, execution, and knowing what your team can do matters as much in football as it does in security as it does in life.
Let us know what you need, and we will have an Optiv professional contact you shortly.