Do We Need Regular IT Security Fire Drills?

An anonymous reader writes: This article argues that organizations need to move beyond focusing purely on the prevention of security incidents, and start to concentrate on what they will do when an incident occurs. IT security "fire drills," supported by executive management should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. This includes recovering evidence, identifying and resolving the root cause of the incident (not just the symptoms), and undertaking a forensic investigation.

Re:That's a different skill-set

[Lumpy]

90% of all IT departments can be driven bat shit crazy by installing a simple light timer on a router or switch and hiding it in the rats nest of power and other cables. Set the timer to be "anti burgular" mode where it adds randomness and have it drop power to a piece of gear for only 10 minutes once a day, because in 10 minutes by the time they get to the network closet, it will be back on and running.

It will drive them nuts and it will take MONTHS for them to find it, bet you they replace the router/switch befoer they find the timer. Bonus points if you make a decoy cable so that the timer is in the center of the cable hidden in the power tray and both ends look factory standard IEC.