
Once more unto the breach: El Reg has a go at crisis management

And you can probably guess how that turned out

Spoiler alert

Communication was a key issue. Participants sometimes made requests to the wrong entity and there was a general lack of coordination. No one knew what other departments were doing, which is why a crisis management team and an incident response messaging system (using, for example, a Slack channel) can help in practice.

F-Secure, like other security vendors, offers tools and services to prioritise and flag up security alerts so they might be more rapidly triaged by analysts.

Some of the cards depicted steps to take in order to "take down" a disparaging blog post through legal means. The CSIRT team (who were all in reality journalists) didn't see the point in doing this since the information was already out there – a good move that companies taking the exercise sometimes fail to follow, F-Secure said.

Management erred by issuing a press release and talking to regulators without getting the chief exec involved. There were problems in getting a backup server online.

Complaints about spam messages were also a red herring, which is just as well since the CSIRT team hadn't found anyone to analyse the junk deluge even by the time the afternoon-long exercise ended. Log analysis and forensics can be slow in arriving. CSIRT had found other compromised machines and acted by taking a memory dump and snapshotting infected devices before taking them offline, or by monitoring a suspect domain controller, but we hadn't received a log analysis report, contrary to deadlines specified in service agreements (FSC was slow because it had been swamped with requests from various teams).

This turned out to be a crucial missing piece. It was revealed that an intern, dismissed two weeks earlier, was the individual behind the source code leak.

And we would have gotten away with it, too, if it wasn't for that meddling kid. ®
