Data Breaches: Whose Role Is It Anyway?
Cyberattacks and criminals are clearly making headlines, as are recent vulnerabilities such as OpenSSL Heartbleed and so on. We are being asked a lot of questions about the role of an SIA as well as best practices for SIEMaaS. Lately, even the best-protected companies have become victims of complex hacking operations despite the copious amounts of time and dollars spent on security solutions, training, compliance and IT staffing. Unfortunately, an unauthorized penetration is inevitable...
Superman, the Man of Steel, is vulnerable to kryptonite; once exploited, Superman isn't so super... he becomes mortal. Don't let your security teams become mortal. Have clear rules of engagement in place to empower your SIA with clear duties and responsibilities.
What is truly in the way of building effective security programs to defend against complex cyberattacks & criminals?
Most security teams have an incentive to close an incident as soon as the ticket hits the inbox. It's closed before it was ever created. Never mind the impact... Expand the role of the SIA (Security Intelligence Analyst) Officer, or what I'll call the CSIA-O. The Cyber Security Intelligence Analysts Office can play a dynamic role, as they are the front line of detection, yes, detection! Once something is detected, clear policies and procedures are needed to ensure the teams are working together. This is the common area where things can break down. If your response is based on a matrix or measurement in time -- the amount of time it takes the team to close a case -- then you need to review your policies. This leads to rushed decisions and often to a false sense of security. Attacks are often meant to provoke a reaction or to serve as misdirection from a bigger attack.
While we all agree that detection and response should be handled quickly, security teams need to work with executive leadership and cross-functional groups or teams, and communicate clearly what is going on, in order to respond to an attack or threat and determine the impact. Clear escalation procedures are critical as soon as an unauthorized penetration is detected... more importantly, so is taking action: who is responsible, who is accountable, and who has the authority to make critical decisions. Brush off your incident response plan. Ensure you have clear escalation procedures, roles, responsibilities and clear rules in place. Lastly, ensure you have a plan for follow-on investigations.
Great write-up!