Don't miss our upcoming Network Computing virtual event on Connectivity Solutions - Secure Your Complementary Seat Now!
I made sure that Bucky followed our computer incident response plan, most of which he wrote. As part of the plan, I advise our CIO, Steve Fox, who in turn is responsible for informing senior business leadership at ACME. Steve wanted to keep the problem quiet--it seldom helps your business to announce security troubles--but in situations like this, informing key business leadership is critical. That's why Bucky reports to both IT and our auditing department: We want to be sure the right hand always knows what the left is doing.
Steve informed the appropriate corporate contacts. Next, we told our employees which services were down, though we didn't go into details about why. At that point, Bucky, Dirk and I sat down to figure out what went wrong.
Fool Me Once
Getting to the root cause was a painful process that demanded complex computer forensics on the compromised box. We sent the server drive out to be analyzed by a security specialist company, which gave us back some good information as to why we were hacked. On the positive side, the consultancy confirmed that no corporate data had been stolen, and we determined that no other systems were affected.
We had budgeted this year to implement host-based and network-based intrusion detection systems, especially for all our Web-facing systems. But Murphy's law kicked in--we hadn't started that project yet either.
With the move to the cloud, CISOs must shift priorities from operating security programs to overseeing (monitoring and auditing) outsourced cybersecurity programs.
2022 was a boon year for IT salaries. 2023 came in like a beast with layoffs, raise freezes, and ChatGPT, but that beast has few teeth.
Age is only a number. Don't let a high number cancel your career.
