While some might argue an organization can never fully prepare for a major information security incident, one of the industry's top experts believes enterprises should plan for incidents by simulating how they would play out in a real-world scenario.
"One of the things I'm always trying to encourage people to do is some simple tabletop exercises," said Marcus J. Ranum, CSO at Columbia, Md.-based Tenable Network Security Inc. "Ask yourself, 'What are we worried about going wrong?' and, 'What would it look like if it did go wrong, and then if it did go wrong, what pieces of information would we really, really like to have?' and then collect that information in advance of something going wrong."
In this interview, recorded at the 2014 RSA Conference, Ranum discusses the merits of information security tabletop exercises to prepare for incident response. He said even if an organization experiences an incident that ends up requiring different information than what the simulation indicated, practicing the step-by-step response process will help the organization respond more quickly and effectively.
Ranum also advocated for continuous security monitoring, namely collecting as much security-related data as an organization deems reasonable. He acknowledged that some naysayers believe maintaining continuous security monitoring systems is a waste if an enterprise lacks the human talent to analyze the data and draw conclusions. Still, Ranum said, having the data available for forensic analysis in the event of an incident is valuable: even if outside security consultants are needed during an incident, having meaningful data for them to analyze will make the incident response effort less time-consuming and costly.