Incident Response

Speed Warp – The Data Breach Notification Hustle

Speed Warp – The Data Breach Notification Hustle 1920 1080 SethJaffe
By Seth Jaffe. Companies are starting to feel the squeeze of compressed data breach notification time frames. Facebook is a prime example. Going by the wayside are the loose timelines for notifying agencies or data subjects, only to be replaced by concrete notification windows. At present, just under 20 states have injected specific time frame [...]read more

NIST Releases Cybersecurity Framework 1.1

NIST Releases Cybersecurity Framework 1.1 2160 1440 HeathRenfrow
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The National Institute of Standards and Technology (NIST) announced on April 16, 2018 the release of the Cyber Security Framework (CSF) 1.1, intended to improve Critical Infrastructure Cybersecurity. The focus of this framework when first developed in 2014 was geared towards industries vital to economic and national security, [...]read more

To Pay or Not to Pay (Ransomware)

To Pay or Not to Pay (Ransomware) 2160 1440 HeathRenfrow
By Heath C Renfrow, CISSP, C|CISO, C|EH, C|NDA The recent ransomware attack on the City of Atlanta cost the city an estimated $2.7 million, and raises the question, do you pay or do you not pay? Ransomware has exploded over the last few years and has been especially hard on the healthcare industry - who can [...]read more

What the Hawaii Missile Scare Can Teach Incident Response Teams

What the Hawaii Missile Scare Can Teach Incident Response Teams 1280 480 SethJaffe
By Seth Jaffe. Heads finally rolled over at Hawaii’s Emergency Management Agency. What can the incident response community take away from this latest real-life example? Procedures, Rules, and Communication Protocols, which are the underlying principles of a modern incident response program. I’ve written about all three in prior incident response posts, but let’s apply them [...]read more

Why Your Incident Response Plan Needs Rules

Why Your Incident Response Plan Needs Rules 1200 450 SethJaffe
By Seth Jaffe. Over the holidays, we dusted off some board games for a little family fun. One of the things that struck me was the frequency with which players consulted the game rules. The more complicated the game, of course, the more folks scoured the rule guide. This got me thinking about incident response, [...]read more

Why Your Incident Response Plan Needs Procedures

Why Your Incident Response Plan Needs Procedures 1200 450 SethJaffe
By Seth Jaffe. When I’m boarding an aircraft, I always glance in the cockpit to see the dials, switches, and flight crew. The captain and first officer do not have time to say hello, however, because they are running through their pre-flight checklists. It is something they do up to five times per day for [...]read more

Benefit of Cross-Training Incident Response Team Members

Benefit of Cross-Training Incident Response Team Members 852 319 SethJaffe
By Seth Jaffe. WARNING – Fire onboard the Space Shuttle. That’s the scenario that former Mission Operations Director Paul Hill leads off with in describing a great exchange between NASA flight controllers that demonstrates the importance of effective cross-training.[1] Paul is filling the role of Flight Director during a Shuttle simulation (during training simulations, NASA [...]read more

NASA’s Flight Director – Why Your Incident Response Team Should Have One

NASA’s Flight Director – Why Your Incident Response Team Should Have One 640 240 SethJaffe
  By Seth Jaffe. CNN’s Danielle Wiener-Bronner penned an article recently chronicling Equifax’s data breach missteps. One statement in particular caught my attention as being sage wisdom, and worth fleshing out: “Too many decision makers yield a slow response, which results in negative attention.” The importance of an empowered incident response director cannot be understated. Consistent with our theme on incident [...]read more

The Importance of an Executable Incident Response Plan, and How NASA Can Help

The Importance of an Executable Incident Response Plan, and How NASA Can Help 2560 1700 SethJaffe
By Seth Jaffe. Brian Harrell had a good piece this week on improving cybersecurity governance in the boardroom, a topic that we routinely blog about in our Cyber Governance Corner Series. So why am I mentioning a governance article in the Incident Response Series? Because Brian opines, in his article, that “[c]ompliance is a regulatory minimum that one must [...]read more

The Evolutional Leap from a Basic Incident Response Plan to an Executable Incident Response Program

The Evolutional Leap from a Basic Incident Response Plan to an Executable Incident Response Program 1280 512 SethJaffe
By Seth Jaffe. In the wake of the Equifax data breach, the time is right to revisit incident response. Dozens of authorities recommend incident response plans (you may have seen lists on my twitter feed or LinkedIn posts), but what does it really mean to have an incident response plan? Is it simply to check [...]read more

Emergency Response after Harvey

Emergency Response after Harvey 640 240 SethJaffe
By Seth Jaffe. In the wake of Harvey here in Houston, I took a few minutes to pull up FEMA’s Emergency Management Guide to see how it compares with #incidentresponse.  Originally penned in 1993, the Guide offers a number of lessons for the average cyber incident response plan. For example, it begins with review of [...]read more