In anticipation of GSX, we sat down with presenters of upcoming sessions in order to get a better understanding of the topics at hand. This week we are featuring, “Preparing for Your Worst Day: Cyber Incident Response Planning and Simulation,” presented by F. Paul Greene, Partner and Chair of Privacy and Data Security Practice Group at Harter Secrest & Emery LLP. Read on for what he had to say and don’t forget to register for GSX 2024!
Q: How did you become interested in your topic?
A: As a data security incident breach coach, I see firsthand the difficulty organizations have responding to an incident, if they haven’t developed and drilled a good, working incident response plan. I also think that security is a team sport, and all of us need to work together to stay a step ahead of the bad guys. As a result, my contribution to the team is to evangelize on the value of incident response planning and tabletop drills in the hope that we will all improve our security posture and be more prepared for the next attack.
Q: Tell us about your presentation and why security professionals should have this topic on their radar.
A: Two rules apply in relation to incident response preparation: first, if it isn’t in writing, it doesn’t exist, and second, if you don’t drill it, you won’t be able to do it. My presentation addresses efficient strategies for developing an incident response plan that works for your organization, rather than, for example, using a form found on some other organization’s website. (You may be surprised how many times I see organizations use “borrowed” forms that have nothing to do with the industry they are in or the data they process.) The presentation also examines how best to plan and execute a security incident tabletop exercise, which can and should be fun in the first instance. Tabletop testing is more about team building than technical security issues, and it lets you build upon the interpersonal strengths your team members already have. And lastly, we’ll simulate a few incident scenarios, to see how participants would respond. Participants should leave with a better understanding of incident response planning and tabletop testing, and a desire to run or participate in a tabletop exercise at their organizations soon.
Q: What advice would you give security professionals interested in this topic?
A: Don’t let anyone tell you that you don’t have a role in incident response planning. If you are in the information security department, then you are clearly a voice that should be heard in the planning process. If you are involved with physical security, you are one of the important domains most frequently forgotten, when it comes to security incident response planning and drills. We all have an important role to play in relation to incident response, and running a tabletop exercise is one of the best ways to define those roles.
Q: How do you see this issue evolving in the next 2-5 years?
A: A few years back, few organizations were engaging in mature incident response planning and running drills. Now, incident response planning and drills are becoming more frequent, but more can be done. It is my hope that incident response planning and tabletop exercises become much more commonplace in the next few years, and that this helps reduce the risk profile of more and more organizations.
Q: Why do you attend GSX?
A: This will be my fourth time attending and speaking at GSX. I find the interplay of physical and cyber security fascinating, and the discussions in my sessions, and at the conference, to be of great value to my practice and clients!