Incident Response Plans and Catching Kittens

Friday, August 06, 2010

Bill Wildprett, CISSP, CISA

0f48ebb4a6ca02dbf5141affdbfa6898

The other night, while my wife and I were walking Daisy, we  had an ‘incident’ to respond to.  Not computer related, but the principles of incident response still apply.  Someone decided that abandoning three month-old kittens on the road down from our house was a good idea ~ ‘surely someone nice will give them homes!’

If we ignored their plight, the outcome would go three ways:

  1. Someone else might rescue them.  Although, since it was after 10:00 P.M. this was unlikely.
  2. They’d be hit by cars.
  3. Wily E. Coyote and his brethren would enjoy their company.

So,  we rescued them, sheltered them overnight and in the morning, off to the Humane Society (with a donation) they went since we just can’t accommodate three kittens with our golden retriever.

Reflecting on this episode, I thought about how I’d been taught about incident response by SANS Institute instructors.  The acronym I learned is PICERL; Preparation, Identification, Containment, Eradication, Recovery, Lessons-learned.

We were prepared because we had cardboard boxes to hold them and a crate at home for the night.  We identified the problem, contained the kittens and eradicated the threats that night (no, we didn’t kill any coyotes).  Recovery happened in the morning and Lessons-learned are ongoing (expect the unexpected and assume breach are two of them).

The takeaway on this is that strange things happen and we can use our training, even very IT security-specific, to manage the event.  Security is about doing the Right Thing, at the Right Time, for the Right Reasons ~ this incident was no exception and was definitely security-related, at least in the physical sense as far as the kittens were concerned.

by Bill Wildprett, Suspicious Minds blog, Copyright 2010

Possibly Related Articles:
8533
Security Awareness
Security Awareness
Post Rating I Like this!
0f48ebb4a6ca02dbf5141affdbfa6898
Bill Wildprett, CISSP, CISA I learned today that I PASSED the CISA exam!
1281677821
6d117b57d55f63febe392e40a478011f
Anthony M. Freed Cheers Bill!
1281717802
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.