Cyber-Security Incident Reporting and Escalation

Security incidents are inevitable. The challenge organizations and IT admins need to address is how to effectively and efficiently respond to them when they occur. Incident reporting, and the process for escalating issues to make sure they get the appropriate attention, is crucial for minimizing the fallout from a security event.

An interesting presentation this year at the RSA Security Conference in San Francisco was from Winn Schwartau. Winn is the founder of The Security Awareness Company. Many people at the presentation may not have realized that Winn actually started out in music recording and promotion. His presentation, “I Survived Rock n’ Roll—The Show Must Go On,” drew a number of parallels from his experience in the music industry and explained how the lessons he learned there helped him develop effective incident response processes for cyber-security as well.

Winn had the honor of working with a number of very famous artists such as Stevie Wonder, Bob Marley, Liza Minnelli, and Jimi Hendrix. What he learned is that the best-laid plans often fail, that you have to be prepared for problems to arise, and that it’s often important to think outside the box to solve them.

He pointed out that complexity is the root of many problems—no matter what industry you’re in. It also makes isolating and resolving issues more challenging. One of the most crucial aspects of incident response is effective incident reporting. Monitoring systems may flag suspicious or malicious activity and create an alert, but the important part is that there has to be a process in place to effectively escalate and handle the incident.

Winn also stressed the importance of feedback and the need to embrace failure. You need to be able to monitor what’s going on so you can identify issues, and you need to be able to learn from security incidents when they occur and apply those lessons to keep the same kind of event from happening again.
