Do We Need Regular IT Security Fire Drills?

An anonymous reader writes: This article argues that organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs. IT security "fire drills," supported by executive management should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.

Re:That's a different skill-set

[bill_mcgonigle]

That is not a skill set most IT departments have.

Many IT departments don't even have enough skill overage to deal with one guy being sick, much less have excess expert capacity.

Back in the 90's I watched a big medical center show the door to the guy who maintained the disaster recovery plan. He was "a cost center and never produced anything that anybody used."

That's about the timeframe when professional IT ended in the general population. Or maybe it's just when the general population got an IT staff.