Event: Security Innovation Network - Silicon Valley
Location: Mountain View, California, United States
Event Type: Conference
Regions: San Francisco Bay Area, Silicon Valley, West Coast
Start Date: Mar 7, 2018
End Date: Mar 8, 2018
Venue: Computer History Museum
Event URL: www.security-innovation.org/events/silicon/spea...
The panel devoted specifically to resilience was moderated by Neill Occhiogrosso (Partner, Costanoa Ventures). It included Chris Wlaschin (CISO, US Department of Health and Human Services), Sean Kelley (Former CISO, US Environmental Protection Agency), Jeff Klaben (CISO, SRI), Brendan O'Connor (CTO, ServiceNow), and James Beeson (CISO, Cigna).
Occhiogrosso defined resilience as "what we do after an incident to keep the business running," and he asked the panelists to share their relevant war stories. The panel's observations and recommendations agreed that resilience came down to planning and practice. They understood a resilient organization as being one that had quick and effective incident response capabilities.
Beeson emphasized the importance of making quick, sound decisions under conditions of limited information. Kelley thought that "Too many people try to wing it. Notoriously, people don't know what they have in their environment. We have to look at frameworks." The gap between the stress of a training exercise and the stress of a real incident is enormous, of course, but any training helps, even just setting aside an hour or so to think through your incident response.
"Bad news is good news," said Klaben, quoting a mentor. "If you don't want the bad news, you shouldn't have the job." He recommended assuming that you're under attack during any implementation. "There's nothing privileged in terms of access that an attacker won't go after." Having a standby incident response and good situational awareness during deployment are vital.
Klaben also advised using references, and remembering that you're part of a supply chain. "Your partners may have a plan that you're part of. Have 'what would you do' scenarios for things that could happen every day." Everyone in cyber is a teacher, Klaben argued, and such teaching is vital to becoming a resilient organization. "If you're not a teacher, get out of the field. You can't just dump a lot of information on your business customers. They have to become your partners." A set of elevator pitches you can use to educate your board and C-suite is a useful tool to have. Wlaschin suggested relearning and reteaching some old disciplines, such as paper processes to fall back on when systems are unavailable.
Resilience is something your board should grasp. As Kelley pointed out, the board is concerned about staying in business no matter what happens. Wlaschin advised CISOs to educate themselves on the language boards use when they talk about risk. "If you can frame cyber issues in terms of risk to the business, you'll be able to communicate with them." Beeson concurred strongly. "The language of business is finance. Learn that language." He recommended that CISOs send their people to finance classes so that they are better equipped to talk about business risk.
Finally, educating people on the mission is essential. They need to understand the mission and the objective. Understanding that overarching mission will help them make the right decisions under pressure.
Source: https://www.thecyberwire.com/events/sinet-itsef-2018/what-makes-for-resilience-planning-and-drill.html