Infosec 2013: Security bosses 'Gods' of the business during incidents

Security bosses need to make sure they are well prepared, and have the right business authority to act decisively during an incident.

At Infosec 2013, a panel of experts discussed incident response and what an organisation needs to put in place to respond effectively. Edward Tucker, head of cyber security and response at HMRC, said it was essential to have top-level buy-in from the board.

"You need to effectively become God during an incident," he said of an organisation's head of security.

"Heads will run in all directions, both towards you and away from you. It's key that you are in charge and have the authority to coordinate the responses."

It's not just the security team that needs to be responsive during an incident: the rest of the business needs to be fully aware of what's going on in order to respond effectively.

Tracy Andrew, information security and compliance officer at Field Fisher Waterhouse, added that people needed to be aware of what an incident was and how it needed to be managed.

"If you in your team can't agree what an incident is, how are you going to communicate that to your staff?" he asked.

"Staff need to be aware of what to look for - email phishing, social engineering. It's about making sure the message gets in."

Vicky Gavin, head of business continuity and information security at the Economist Group, said that although they have tried innovative ways of raising staff awareness, ultimately staff needed to be an extension of the security team.

She said: "They have to be able to identify when an incident is happening, ideally before it happens, or as soon as it happens so we can get involved quickly.

"We ran a contest last October where we ran a raffle, and to get a ticket to the raffle employees needed to forward a phishing or spam email they received. It was an extremely effective awareness exercise, because it forced people to internalise." 
