Tuesday, July 10, 2012
"Incident Response" is a really stupid concept
I just got a white paper announcement from one of the major IT publications from a sponsor touting scenarios for "incident response" teams. My fellow cyber privateers, when the balloon goes up there isn't time for a group of people to sit around a table and reach a consensus. You don't have a day, an afternoon, or even an hour. Your response to intrusions should be within milliseconds, it should be unambiguous, and it should be absolutely disproportionate. Which means it should be advertised to the point that no individual or government wants to come near your site. See Principle #22 on Defense (here) of the Perfect Virus. My idea of "incident response" is a PR firm issuing a press release explaining why no one in Beijing can complete a cell phone call for the next seven days. An object lesson for the government-sponsored intrusion into company XYZ's systems, courtesy of licensed and bonded cyber privateers operating under The Cyber Privateer Code of Conduct (see here). How's THAT for incident response?
Posted by Destroying Angel at 7/10/2012 09:06:00 AM