App Review What is Incident Response, and why is it important?

[Cybersecurity Meg]

I am the Cyber Security Incident Response Manager for a large company, and recently began making some videos on Youtube that are geared towards honing in on some specific topics. Recently, I wanted to discuss incident response - why it's imperative to have a good incident response process, and when exactly incident response is necessary. Do you have any thoughts?

 

[Lenny_Fox]

Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away

 

[Protomartyr]

As someone who was pursuing a cyber security degree but had to drop out (couldn't afford the financial costs; the program was too new at this university and was mismanaging classes), I'm looking forward to this series!

I do agree with Lenny's comment on the video feeling more like a podcast. I listen to podcasts so I didn't mind the format of the presentation (I was listening to the video in a background tab). Adding visuals would definitely help add to the experience.

One aspect of incidence response that I've found intriguing is transparency. You mentioned about whether there's a need to report to a data authority/law enforcement depending on the incident. What about the need to report to employees and/or customers that have been affected?

For example: Canon publicly confirms August ransomware attack, data theft

It took Canon around 3 months to disclose a breach that involved current and former employees' (including their beneficiaries and dependents) names, Social Security number, date of birth, the number for the driver's license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.

I know investigating incidents like this takes time, but the delay in notification puts people at risk. I'd imagine this is not solely up to the decision of the incident response team, but also involves the legal team (for potential litigation) and public relations (company's image) as well. How do companies prioritize disclosures like this?

 

[Behold Eck]

Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away

Me thinks you`re being a tad over zealous in your criticism as the video did what it was supposed to do in a very informal, straight to the point way.

Why would anyone want to watch a podcast without the sound ?

The graphs,blurbs etc you mention could muddy the waters and get in the way.

Keep it simple for us simple folk.

Regards Eck

 

[Lenny_Fox]

Me thinks you`re being a tad over zealous in your criticism a

Regards Eck

it were three tips, what part was critism (considering the fact that I explictely mentioned all is good).

Why would anyone want watch a podcast without the sound ?

A video with no visuals is like a podcast with no sound. People don't watch podcasts, they listen to it

The graphs,blurbs etc you mention could muddy the waters and get in the way.

Could be when applied exuberantly, but adding 3 or 5 visual anchors to emphasis a spoken message of so many minutes, would not scare away your audience

 

[Behold Eck]

it were three tips, what part was critism (considering the fact that I explictely mentioned all is good).


A video with no visuals is like a podcast with no sound. People don't watch podcasts, they listen to it


Could be when applied exuberantly, but adding 3 or 5 visual anchors to emphasis a spoken message of so many minutes, would not scare away your audience

Yes I agree that"all is good".

Maybe you could animate that graphic I posted, not that that would make it any more understandable to me but might be a cool thing to do ?

Regards Eck

 

[Cybersecurity Meg]

Being a digital marketeer I have a tip for you: disable sound and have a look at your video.
a) check the micro movements in your face (no worries all is good, only in the first minutes you sometimes twitch your mouth to the right corner)
b) with no voice it looks like I am watching a podcast, what is the added value of broadcasting a video? Please add graphs, visuals and text blurbs.
c) apply golden rules of story telling: tell what you are going to tell, mention three benefits/reasons, resume story to make your point, next give an example and finish with the take away

Thank you for the feedback! My more recent videos have text added in to help anyone watching be able to "summarise" the point in text.

As someone who was pursuing a cyber security degree but had to drop out (couldn't afford the financial costs; the program was too new at this university and was mismanaging classes), I'm looking forward to this series!

I do agree with Lenny's comment on the video feeling more like a podcast. I listen to podcasts so I didn't mind the format of the presentation (I was listening to the video in a background tab). Adding visuals would definitely help add to the experience.

One aspect of incidence response that I've found intriguing is transparency. You mentioned about whether there's a need to report to a data authority/law enforcement depending on the incident. What about the need to report to employees and/or customers that have been affected?

For example: Canon publicly confirms August ransomware attack, data theft

It took Canon around 3 months to disclose a breach that involved current and former employees' (including their beneficiaries and dependents) names, Social Security number, date of birth, the number for the driver's license number or government-issued ID, the bank account number for direct deposits from Canon, and their electronic signature.

I know investigating incidents like this takes time, but the delay in notification puts people at risk. I'd imagine this is not solely up to the decision of the incident response team, but also involves the legal team (for potential litigation) and public relations (company's image) as well. How do companies prioritize disclosures like this?

Hi! I'm sorry you had to drop out due to financial costs. I hate that, and wish financial costs weren't so restrictive of who can receive education.

You brought up a good point about reporting to employees/customers - generally this is contingent upon what country the data originates from (or rather where the person who owns the data lives in), the risk of the data being used for malicious purposes, the impact of the breach, etc.

Deciding when to report/make known about an incident also depends on the above factors. What country, the sensitivity of the data, the risk to the individual(s), the legal requirements of the geolocation (of course the EU and some APAC and South American countries have more stringent reporting requirements), etc. We have an entire Privacy team dedicated to this, so generally we (Incident Response) provide the data needed to the Privacy team, and they make that call.

Thanks for your feedback! I really do appreciate it.