Full article can be found at responding-to-a-data-breach by Conrad Constantine, Alienvault
Responding to Data Breach
I highly respect your article for the understanding it provides of responding to such events. A book could be written from all this and, as Conrad mentioned, without walking through all of it one cannot have a clue what can and may happen during it. Even those ‘high-velocity human factors’ should be remembered. I can’t stress enough the importance of preparation and training: not just theory, but a real event lasting 24 hours.
Among those, using and becoming familiar with simple tools, such as GREPping data and analyzing log files by hand, may prove significant while everything else collapses around you. Basic operating system tools and utilities support the effort. The timeline and “war journal” come first in importance, even without a command structure. After that, the most important thing, which is obviously missing by mistake, is ‘build command structure’. None of the activities performed by a group (not solo) of responders make sense unless there is a solid understanding of what is being done and of the command chain.
Moreover, the command chain is NEEDED – no – it’s IMPERATIVE for the leaders of organizations and businesses, who may be required to communicate about such events outside the group of ‘cyber mayhem’ responders. The next thing is the conclusions. It would be advisable to create a ‘tasking’ order and model for tasking the conclusions when, and if at all, they create activities following from what has been understood.
I do agree with and highly support the ‘compartmentalization’ of data. Big things, involving thousands of people and malicious efforts as well, have been and can be protected with such proper discipline and techniques. If I have to guess, 20% of organizations ever implement it, do not understand the need behind this.
The map and timeline, together with an understanding of the ‘assets’ in which your game is handled, can be defined as ‘tactical depth of defense’. In this context, you can easily understand the meaning. It helps you prepare within the space and allows activities to be carried out not just on pure gut feeling and conclusions, but as maneuvered tactics.