
Ben Hemsath 2018



Don't Panic

Published in: Education

  1. Don’t Panic: Your Hitchhiker's Guide to Security Related Communications
     Ben Hemsath, President, Converging IT Solutions, LLC, 10/5/2018
  2. First Rule: Don’t Panic
     • Your primary goal is to stay calm
     • Treat all communication with sensitivity because everything is auditable
     • You will feel lost from time to time
     • Don’t be afraid to consult your SMEs
     • Avoid the fight-or-flight response
  3. Gain Perspective
     • Accept the fact that you don’t know
     • Don’t try to muscle everything yourself
     • Consider input from all parties involved, like a giant puzzle
     • Document everything
     • Always be reading and learning
  4. Active Listening
     • Make sure to listen thoroughly and read through all requirements
     • Do not assume anything; ask questions for clarification
     • Have legal review responses if possible
     • Use the 5-minute rule before responding to any type of communication
  5. Identify Key Stakeholders
     • Knowing the players will help you and your company avoid unnecessary liabilities
     • Understanding your audience will keep your team happy
     • Not everyone needs to know everything
     • Know the roles and responsibilities of all individuals involved
  6. Typical Security Roles & Communication Styles
     • Executives
       • Stick to bullet points
       • They want three basic items:
         • What is the issue/scope
         • What has been done
         • What are the next steps
       • Manage external and legal communications
       • Make decisions affecting stakeholders
     • Managers
       • Keep tabs on engineers
       • Provide support and updates to the incident response manager or liaison
       • Managers should help filter technical questions to keep information on an as-needed basis
  7. Typical Security Roles & Communication Styles
     • Internal 3rd Party Resources
       • Response Teams
         • Pretty much give them whatever they need
         • They are there to be impartial and identify scope
         • Assist with recommendations for remediation
       • Risk Assessors
         • These teams may come in to assess risk before and after security incidents
       • Legal Advisors
         • Typically executives deal with legal
       • Auditors
         • Review auditors are typically hired before a major audit to help shore up compliance and issues
         • These teams are your friends and are getting paid to help you, so don’t piss them off
         • Governance auditors are external authorities that typically review your security policies and practices for certification
       • Liaisons and Consultants
         • Liaisons and consultants will sometimes fill the role of quarterback between all parties and fill gaps where needed
  8. Typical Security Roles & Communication Styles
     • Internal Engineers
       • Usually doing the ground work
       • Typically on edge due to massive scrutiny
     • Internal Compliance & Risk
       • Usually on calls to assist with compliance and review risks
     • Internal Legal Team
       • Pretty much all external communication gets run through legal
       • Be prepared to be interviewed by legal if needed
     • Customer Service Teams
       • These teams are typically hit the hardest by customers before, during and after incidents
       • Make sure these teams and their managers do not try to circumvent process, as they may put out bad information causing avoidable damage
  9. Typical Security Roles & Communication Styles
     • Governing Authorities
       • During security incidents, your company may be required to report breaches to specific organizations, including local and federal governments
       • Get with legal and compliance to understand the breach scopes and which agencies require reporting
     • External Stakeholders
       • Typically these are your customers/clients who are or can be affected by any data breaches
       • Let legal and executives do the talking
       • All technical questions should run through security directors/managers
  10. Security Incident Communication Workflow
     • During a security event, someone is typically tagged to be the liaison between all parties
     • Security Event
       • Notification
         • Usually internal notification, but sometimes it can come from clients
         • Main point of contact (liaison) is identified
         • All hands on deck and microscope review of all communication
  11. Security Incident Communication Workflow
     • Security Event (Continued)
       • Information is sent to and reviewed by the incident response team
       • If it is a false positive, it is noted, logged and reviewed by execs, legal, compliance, risk and a few other parties, then closed
       • If the incident is valid, the security response plan continues, with the liaison working with all teams to determine scope of breach, remediation, reporting and post mortem
       • Often multiple reviews of the post mortem will occur with risk teams, security teams, compliance teams, legal teams, executive teams, 3rd party risk teams, etc.
  12. Documentation, Forms & Meetings
     • Probably the most boring part of the job with security communications
     • Organization of your documentation
     • You will be asked to provide documentation multiple times to lots of people
     • Be prepared to meet with everyone that wants to ask you the same question
     • Always consult legal and executives before giving out any information
  13. Tips and Good to Know Items
     • Be Honest: Always be honest with the right people.
     • Reply All: Make sure you know who you are including in emails. Know your audience.
     • Reporting: Don’t be afraid to report any communication to the right people. Execs can only enable you if they know of the issues.
     • Do Not Lie: Auditors will require evidence, and insurance will scrutinize you on payouts.
     • Cross Communication: Everyone speaks a different language.
     • Interviews: Make sure you know your roles well, as you are likely to be interviewed multiple times.
     • Loose Lips Sink Ships: Know when to keep your lips shut and when it is appropriate to speak freely.
  14. Questions & Answers Time
  15. Thank you