Slashdot Mirror

← Back to Stories (view on slashdot.org)

How to Prepare for an IT Security Disaster (Video)

Posted by Roblimo on from the 2-ounces-of-prevention-are-worth-32-ounces-of-cure dept.

What should you do if your company's servers are hacked and your customers' credit card info or other data are stolen? Neill Feather, president of SiteLock, says you should have a plan of action tested and ready to go, the same way it's wise to hold fire drills so that everyone knows what to do in case of fire. Neill also recommends checking out the Online Trust Alliance and the many resources it makes available to businesses of all sizes whether or not they are OTA members. One document that would be a good place to start is their Data Protection & Breach Readiness Guide, which covers topics including liability and insurance considerations; basic forensics (to help catch the evildoers -- and prevent them from doing evil to you again); and even what information you should include in a letter to customers after a Target or Home Depot-type data theft. We can sum all of this up with the old saying, 'An ounce of prevention is worth a pound of cure,' but you should also know what to do if a problem happens, whether that problem is data theft, a ransomware attack or anything in between.

2 of 23 comments (clear)

  1. This is sane. Sensible. by zacherynuk · · Score: 3, Interesting

    But only practical for the it dept. And direct staff. I have never once succeeded in getting realistic ds involvement outside of primary it. Even massive banks sign only the most lowly of other departments to check legally required and audited dr runs, let alone scenario testing. Oh for it utopia.

  2. So many disasters to choose from... by Anonymous Coward · · Score: 2, Interesting

    Since IT has so many facets, I have a nice buffet of choices to choose from for IT disaster scenarios:

    1: A bad guy gets access to the SAN, drops all LUNs, then resyncs all drives as empty mirrored pairs, overwriting all data in the array with garbage.

    2: Someone logs onto the HID card reader server and deletes all users from all doors. Much fun ensues as a lot of the doors have no backup mechanical keys, and the ones that do, someone stuffed half a key in.

    3: Someone logs on remotely to the HVAC system and shuts it off in the middle of the night, then kills the door locks. All servers are now thermally shut down or off because they barbecued themselves.

    4: Someone changes the master tape password on the silo... six months later, the silo is then reset, so all tapes in the meantime are not accessible.

    5: Someone erases your KMS server and forces a "slmgr /upk" on all boxes in the domain forest.

    6: Someone purged the config from your fabric, and the TFTP server has all backup configs erased.

    7: Someone uses your Netbackup master server to force restores from random client "A" to client "B", hosing everything, without a single admin password or AD cred needed.

    8: Your BlueCoat device now ships its SSL interception logs offshore, so personal banking of employees and everything else can be easily sifted through.

    9: Someone logs on as employees, then sends bogus E-mails to all clients.

    10: Your SecurID server is purged, as well as the backup. Now the admins can't log onto the routers.

    Lots of disasters to chose from. Main thing to do is defense in depth, and isolate/segment.