While we continue with the budget discussion, it's important to think about some of the unique challenges present as we approach the end of the calendar year. There are various things security professionals need to do at this time of the year, and David Matthews discusses some of them on Nov. 20 in Incident Response: Are You Ready for the End of the Year?
As the former director of incident response for travel Expedia, Matthews is familiar with the challenges associated with this time of the year. During this RSAC webcast, he will discuss surges in traffic because of the holiday season, code freezes, severe weather, and lack of staff.
"If your organization has a change freeze in place, how will that affect your ability to respond to a security incident?" Matthews asks.
For many organizations, incident response boils down to a risk decision. For example, Expedia makes money online every minute the site is up and running. A few minutes of downtime to deal with an unexpected event can be "devastating," Matthews says. In those cases, the decision not to deal with a problem may boil down to not wanting to lose additional sales.
Matthews will focus on various things security professionals need to do at this time of the year to successfully handle disruptions and incidents. He also points out that disasters aren't just security incidents or attacks. Severe weather—such as winter storms and ice storms in northern areas of the United States—can mean that people can't get to work.
Do employees have a way to get on the network remotely and keep working? Is the remote infrastructure set up to accommodate heavier loads during these times? Business productivity could take a hit if the VPN server gets overloaded because it is limited to a small number of concurrent users, for example. Are available remote access tools secure?
Incident response planning also needs to account for various challenges happening in concert. Perhaps there is a security incident and you are counting on responders to come in. Perhaps they can't come in because of bad weather or because they are on holiday. Or perhaps there is a denial-of-service attack preventing responders from working remotely. What happens at this point? Organizations need to conduct these kinds of exercises for when relevant responders are not available, Matthews says.
It's great to have a plan, but the exercises need to account for specific challenges. In this case, retailers should right now be conducting drills on what to do if they find malware on systems during the holiday shopping season. Or what organizations should do if they find malicious code in their software after a code freeze goes into effect.
You may be knee-deep comparing this year's budget with next year's. In some organizations, there is some money left in the budget that needs to be spent before the end of the year. Not only is it a bad idea to leave money on the table when it can be used for something, not spending the money can negatively impact next year's budget. So it's a good time to think about what products and technologies will help you achieve your security goals, Matthews said.
It's also important to remember that the issues are limited to just consumer-facing organizations or retailers. The disaster recovery component applies to all industry sectors, "since everyone has people going on holiday," Matthews says. "Even when you are not in the retail business, you are likely affected one way or another."
Register now and join David Matthews and the RSA Conference on Nov. 20 to discuss if you are ready. Feel free to send any questions here or via @RSAConference on Twitter beforehand.