Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Manager/Media Impact - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Manager/Media Impact
Did you day start off something like this?

Boss-type-person rushes into room waving a print out of New computer virus threatens biz net and demanding to know "what you're doing about it."

Hopefully, you were able to tell them that you'd already deployed the patch for the vulnerability back in November 2006, that your perimeter doesn't allow inbound TCP/2967 nor TCP/2968, and that your AV signatures were up-to-date.  Then you should have been able to lean back, put your feet up on the desk and say: "see, this is why you pay me the big bucks-- so you don't appear CNN articles."

If your day didn't go as smoothly, you have my sympathies.  I spent more time today on conference calls, impromptu hallway meetings, and writing up briefings for what should have (and so far has actually been) a non-event for our environment.

This is not the first time that I've been impacted by non-event events.  It's why I have to monitor eWeek, so I have a heads up on what the suits are going be asking about that morning.

I didn't keep careful track, but one of the many repeated phrases of the day was "Money dot CNN is not going to produce a computer security scoop."  It's possible, just not probable.

I'm proposing we update our impact models expanding them from Confidentiality, Integrity, and Availability to include Management.  I'm joking, but only slightly.  More realistically, I will update our criteria of releasing internal communications to include media/manager impact.  This has happened enough that it needs to become part of my process.
Kevin Liston

292 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!