In the face of a breach, security professionals must establish relationships with their local FBI agents and relevant information-sharing bodies, as well as have a well-practiced plan of action, a panel of experts said Wednesday at the SC Congress New York 2011.
Almost every industry – from financial services to health care to state government – has a designated information sharing and analysis center (ISAC) to disseminate relevant threat information, panelists said during a presentation titled “2011: The year of the breach.”
Jeffrey Brown, global program manager of global financial services firm GE Capital, said the various ISACs are helpful, as they provide member organizations with near real-time intelligence about threats impacting their sector. In some cases, they even provide information about how to configure security tools to detect actual threats seen at other companies.
On top of joining the relevant information-sharing bodies, security professionals should reach out to local FBI agents, who, when appropriate, can also provide information about specific threats, said panelist Pedro Cordero, assistant section chief of the FBI's Cyber Division. Having an established relationship with law enforcement can also expedite breach remediation and response activities, he added.
“Having that pre-existing relationship with the FBI is key,” Cordero said. “When something happens, it's nice to reach out to someone you have had conversations with.”
Gene Fredriksen, global information security officer at international manufacturing services firm Tyco International, said security professionals should not be afraid to reach out to law enforcement about threats they are experiencing.
“If you give [them] a call, [they] won't run over and wrap yellow tape around your office,” Fredriksen said.
And finally, in addition to just having a written incident response plan in place, security professionals must practice it, something few actually do, Fredriksen said. Running a drill will help uncover issues, such as language barriers and legal issues, that may arise when responding to a security incident.