the cups blog

07-24-08

USM Opening Session

The Workshop on Usable IT Security Management was opened today with a talk by Robin Ruefle a member of CERT on Human and Organizational Aspects of Security Incident Management.

She opened with a brief history of CERT and a discussion of how important having an incident management plan is. For example when the Morris Worm infected the internet many companies did not have an incident management plan and had trouble dealing with the incident.

She discussed several example incidents where companies did not have comprehensive incident plans:

  • Slammer Worm hit in January of 2003. An organization without full updates was hit very hard by Slammer and many did not have the ability to determine how hard the organization was hit.
  • Another company hit by Slammer but used contractors who were unwilling to come in imidiately. Local contractors didn’t have badges which worked on Saturday and were not sure who to contact to gain access to the servers to fix the problem.

One of the biggest issues with creating a security management plan is that people don’t talk. Management doesn’t talk to the people they are manging and understand their needs. People dont’ always understand what is going to be done and may be concerned that their own jobs will be taken over.