This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies
By closing this message or continuing to use our site, you agree to our cookie policy. Learn More
This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • Home
  • News
    • Security Newswire
    • Technologies
    • Security Blog
    • Newsletter
    • Web Exclusives
  • Columns
    • Career Intelligence
    • Security Talk
    • The Corner Office
    • Leadership & Management
    • Cyber Tactics
    • Overseas and Secure
    • The Risk Matrix
  • Management
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • More
  • Physical
    • Access Management
    • Video Surveillance
    • Identity Management
    • More
  • Cyber
  • Sectors
    • Education: University
    • Hospitals & Medical Centers
    • Critical Infrastructure
    • More
  • Exclusives
    • Security 500 Report
    • Most Influential People in Security
    • Top Guard and Security Officer Companies
    • The Security Leadership Issue
    • Annual Innovations, Technology, & Services Report
  • Events
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
    • Security 500 West
  • Resources
    • The Magazine
      • This Month's Issue
      • Digital Edition
      • Archives
      • Professional Security Canada
    • Videos
      • ISC West 2019
    • Photo Galleries
    • Polls
    • Classifieds & Job Listings
    • White Papers
    • Mobile App
    • Store
    • Sponsor Insights
    • Continuing Education
  • InfoCenters
    • Break-in Prevention
    • Building AppSec in Enterprises
    • Video Management Systems
  • Contact
    • Editorial Guidelines
  • Advertise
Home » Been Hacked? Let That Be a Lesson to You
Cyber Security NewsCyber TacticsCyberColumns

Been Hacked? Let That Be a Lesson to You

Cyber Tactics Chabinsky Default
Been Hacked? Let That Be a Lesson to You
Cyber Tactics Chabinsky Default
Been Hacked? Let That Be a Lesson to You
May 1, 2017
Steven Chabinsky
KEYWORDS cyber security education / cybersecurity planning / data breach / data breach response / incident management / NIST cyber security framework
Reprints
No Comments

If at first you don’t succeed, try, try again.” Although catchy, we all know that the real keys to success after failure are reflection and adaptation, not mere persistence. With this in mind, let us review the last category of NIST’s Response function, titled Improvements, and its focus on implementing lessons learned and updating strategies.

 

Coordinate.

Responding to a major incident is an enterprise-wide affair. As NIST notes, effective incident handling requires coordination among “mission/business owners, information system owners, authorizing officials, human resources offices, physical and personnel security offices, legal departments, operations personnel, procurement offices, and the risk executive (function).” Unfortunately, therein lies the rub. Organizations that lack coordination during incident response have the most to gain from capturing and implementing lessons learned. Yet, a mature lessons-learned process often requires coordination among the very same entities. Be on the lookout for this vicious cycle.

 

Capture Lessons Both During and After Response.

An Incident Response Plan should encourage participants to capture lessons as they occur, when feasible, and should propose formal improvement sessions within two weeks of any major incident. Regardless of the timing, when capturing problems (for example, process friction and negative outcomes), contributors should take a first shot at identifying potential solutions together with their pros and cons. Equally important, many lessons learned are positive. Be sure to capture (and celebrate) successes that otherwise might be lost during the stress of incident handling, and identify best practices that can be widely shared. Finally, after recommendations are approved, companies should track implementation and share them with other groups consistent with their sensitivity and general applicability. This may require updating plans and strategies, together with rolling out revised testing and training. When a new incident occurs, it may be helpful to review the lessons learned from the last one.

 

Use a Skilled Facilitator.

The author and facilitator Norman Kerth recommends an important ground rule to prevent hostility, mudslinging and discouragement. Require participants to pledge upfront: “Regardless of what we discover, we understand and truly believe that everyone did the best job he or she could, given what was known at the time, his or her skills and abilities, the resources available, and the situation at hand.” In addition, some companies use facilitators either who are, or who serve at the direction of, outside counsel in order to preserve attorney-client privileges that may exist after a breach. The best facilitators provide a safe, trusted environment to draw out useful information, build morale and highlight what employees did well, all while avoiding the blame game.

 

Invest in the Lessons Learned Process.

When an organization pulls itself up after a major incident and implements a strong lessons-learned program, the resulting coordination and trust improves current teamwork and future incident response beyond any particular lesson’s value. On the other hand, a company that fails to take lessons learned seriously will eventually learn to do so, but only after they try, try again.

 

About the Columnist

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Subscribe to Security Magazine

Recent Articles by Steven Chabinsky

Who's Responsible for Cloud Security?

Clear, Purge & Destroy: When Data Must be Eliminated, Part 2

Clear, Purge & Destroy: When Data Must be Eliminated

Bug Bounty Programs: An Emerging Best Practice

Managing Supply Chain Risk

Chabinsky-2016-200px

Steven Chabinsky is global chair of the Data, Privacy, and Cyber Security practice at White & Case LLP, an international law firm. He previously served as a member of the President’s Commission on Enhancing National Cybersecurity, the General Counsel and Chief Risk Officer of CrowdStrike, and Deputy Assistant Director of the FBI Cyber Division. He can be reached at chabinsky@whitecase.com.

Related Articles

5 Things You Need to Know about the Revised NIST Cybersecurity Framework

Clear, Purge & Destroy: When Data Must be Eliminated, Part 2

You must login or register in order to post a comment.

Report Abusive Comment

Subscribe For Free!
  • Print & Digital Edition Subscriptions
  • Security eNewsletter & Other eNews Alerts
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

cybersecurity breach

The Top 12 Data Breaches of 2019

ransomware-enews

British American Tobacco Suffers Data Breach and Ransomware Attack

Dispelling the Dangerous Myth of Data Breach Fatigue; cyber security news

Major Retailer Macy's Is Hacked

server room, cybersecurity, penetration testing,

Explained: Firewalls, Vulnerability Scans and Penetration Tests

cyber network

How to Achieve Cybersecurity with Patience, Love and Bribery

SEC2019_Everbridge_1119_360x184customcontent

Events

December 17, 2019

Conducting a Workplace Violence Threat Analysis and Developing a Response Plan

There are few situations a security professional will face that is more serious than a potential workplace violence threat. Every security professional knows and understands that all employers have a legal, ethical and moral duty to take reasonable steps to prevent and respond to threats of violence in their workplace.
January 23, 2020

The Value of a Unified Approach to Critical Event Management

From extreme weather to cyberattacks to workplace violence, every organization will experience at least one, if not multiple, critical events per year. And in today’s interconnected digital and physical world, the cascading safety, brand, and revenue impacts of critical events are more severe.
View All Submit An Event

Poll

Emergency Communications

What does your enterprise use to communicate emergencies to company employees?
View Results Poll Archive

Products

Effective Security Management, 6th Edition

Effective Security Management, 6th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

See More Products
SEC500_250x180 clear

Security Magazine

SEC-December-2019-Cover_144px

2019 December

This month, Security magazine brings you the 2019 Guarding Report, featuring David Komendat, Boeing CSO, and many other public safety leaders to discuss threats and solutions for 2020 and security officer training. Also, we highlight Hector Rodriguez, Director of Public Safety and Security at Marymount California University, CCPA regulations, NIST standards, VMS and much more.

View More Create Account
  • More
    • Market Research
    • Custom Content & Marketing Services
    • Security Group
    • Editorial Guidelines
    • Privacy Policy
    • Survey And Sample
  • Want More
    • Subscribe
    • Connect
    • Partners

Copyright ©2019. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing