Tuesday, July 10, 2012

"Incident Response" is a really stupid concept

I just got a white paper announcement from one of the major IT publications from a sponsor touting scenarios for "incident response" teams. My fellow cyber privateers, when the balloon goes up there isn't time for a group of people to sit around a table and reach a consensus. You don't have a day, an afternoon, or even an hour. Your response to intrusions should be within milliseconds, it should be unambiguous, and it should be absolutely disproportionate. Which means it should be advertised to the point that no individual or government wants to come near your site. See Principle #22 on Defense (here) of the Perfect Virus. My idea of "incident response" is a PR firm issuing a press release explaining why no one in Beijing can complete a cell phone call for the next seven days. An object lesson for the government-sponsored intrusion into company XYZ's systems, courtesy of licensed and bonded cyber privateers operating under The Cyber Privateer Code of Conduct (see here). How's THAT for incident response?

1 comment:

  1. hpc solutions

    It has become a problem on a lot of sites wherein Chinese hackers are a nuisance as they deface several websites.


Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Gotchas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?