EUGENE SCHULTZ
Eugene Schultz, CISM, CISSP, is the Chief Technology Officer at Emagined Security, an information security consultancy based in San Carlos, California. He is the author/co-author of five books and over 120 published papers. Gene was the Editor-in-Chief of “Computers and Security” from 2002 to 2007, is currently on the editorial board for this journal, and is an associate editor of “Network Security”. He is also a SANS instructor, member of the SANS NewsBites editorial board, co-author of the 2005 and 2006 Certified Information Security Manager preparation materials, and is on the technical advisory boards of three companies. Gene has previously managed an information security practice as well as a national incident response team. He has also been professor of computer science at several universities and is retired from the University of California at Berkeley. A Distinguished Fellow of the Information Systems Security Association (ISSA), Gene has also been named to the ISSA Hall of Fame and has received ISSA’s Professional Achievement and Honor Roll Awards. While at Lawrence Livermore National Laboratory he founded and managed the U.S. Department of Energy’s Computer Incident Advisory Capability (CIAC). He is also a co-founder of FIRST, the Forum of Incident Response and Security Teams. He is currently a member of the accreditation board of the Institute of Information Security Professionals (IISP). Dr. Schultz has provided expert testimony before committees within the U.S. Senate and House of Representatives on various security-related issues, and has served as an expert witness in legal cases.
THE MOST COMMON MISTAKES IN INCIDENT RESPONSE
Security-related incidents have become much more complex, costly and resource-demanding over time, as shown by the Titan Rain, Aurora, Night Dragon and other highly successful and prolonged attacks in which attackers gained control of a myriad of computing systems and stole a huge amount of personal and proprietary information. Responding optimally to incidents, especially incidents that have the most potential impact upon an organization, has thus become a necessity. Yet many organizations continue to repeatedly make the same mistakes in the incident handling process. Mistakes can easily lead to response efforts being inefficient and ineffective, resulting in all kinds of negative consequences, including (but by no means limited to) longer incident durations and costly legal problems. This presentation focuses upon the most common mistakes made in handling incidents, the possible consequences, and the potential solutions.