Once more unto the breach: El Reg has a go at crisis management

And you can probably guess how that turned out

Hacks played representatives of a hacked company in an incident response exercise run by F-Secure this week.

The Live Security product interactive workshop was based on an actual customer experience adapted for a media audience. Around 20 members of the international media became the board members and managers of a company that had been attacked.

Attendees were split into four teams (CSIRT, management, IT management, press) to roleplay a breach at fictional VPN vendor COMSEC.

The groups were collectively taken through the processes the board needs to follow when such a hack hits – understanding what is under attack, where the vulnerabilities lie and how to stop the attack, what the responsibilities of staff are and how they can protect themselves from future attacks.

Competition, especially in the Chinese market, has intensified for the fictional firm. The competitors' devices are not technically superior to COMSEC's products, but the competitors' sales and marketing efforts have succeeded in drawing attention to the weaknesses of COMSEC's comparable products in some detail.

COMSEC sponsors an internship program in Italy where approximately 15 students from local universities are brought in and taught security fundamentals, participating in the configuration of multiple network devices for COMSEC customers.

The firm has strengthened its position as a technology provider for made-up telco GermanTel Communications. As an important part of the agreement with GermanTel, COMSEC is (for the first time) also providing remote maintenance and operation of their products as a service.

COMSEC recently entered into an agreement with the German government, which has obligated COMSEC to notify them of significant vulnerabilities within COMSEC products deployed to German customers. The IT kit supplier has also agreed to report any breaches of data that adversely affect GermanTel customers.

Action stations

COMSEC's VPN flagship product's source code appeared on a blog along with scathing commentary over allegedly negligent security practices. The blogger's identity was unknown. COMSEC's CSIRT reported the incident to HQ and launched an investigation. COMSEC had outsourced its cybersecurity through another fictional outfit called FSC, which handled forensic analysis and the like.

Your reporter worked on this team, whose main tasks were to identify the source of the breach and contain it. COMSEC experienced an increase in spam emails in all countries throughout the summer and autumn of 2017. One infection of a lab server in Milan exposed a serious breach that was challenging to address.

The CEO ordered IT management to review the blog, access information exposures and the theft of confidential data from the labs.

Outside of CSIRT, an IT management team in Milan and local management team in Rome, no information related to this security exposure had been shared with employees or customers. Pundits were commenting on the reported leak on Twitter, and representatives of the German telco partner expressed public displeasure, while "COMSEC workers" complained through social media about being swamped with spam and (later) issues with a file server.

A set of "Action Cards" was given to each group (except the press). All necessary actions for solving the crisis were included, but not all groups had all the cards, and not all cards were needed. In this way the exercise was akin to a game of Cluedo.


Biting the hand that feeds IT © 1998–2017
