Saving Private Data
… a workshop staging the detection of an intrusion attack on a corporate IT system, the corporation's responses to the attack, and the potential consequences of those responses
Written, Directed and Produced by:
Bob Blakley: Chief Scientist for Security and Privacy at IBM Tivoli Software
Jane Hill: Barrister, Chambers of Benet Hytner Q.C., London
Target audience
· Information Security Managers
· IT Operations Managers
· Business Risk Managers
· Corporate Counsel
· Corporate Communications / PR Managers
· Corporate Auditors
· Business Application Owners
Goals
The workshop is staged in 2 Acts, with 9 players providing the action,
and each member of the audience as a Board Director bearing ultimate responsibility
for the attacked corporation.
Act 1 on Monday afternoon plays out a sequence of response scenarios
to the discovery of an intrusion, illustrating the various priorities
a business must reconcile when facing such situations, and bringing out
the need for well-prepared and regularly updated response procedures to
manage it well.
Act 2 on Tuesday morning uses the outcomes from Act 1 to indicate what
considerations well-prepared response procedures need to include. It reviews
the business and legal consequences of the intrusion, liability to third
parties and the defence against any enforcement proceedings (under data
protection/privacy laws), the steps to be taken to minimize the company's own
potential losses, and whether to bring the hacker to justice (or not). It also
considers whether to provide details of the intrusion to clients, law
enforcement, an ISAC or another organisation, and the possible consequences
of doing so, or of not doing so.
Synopsis
At 09.35, StarCorp's online order-processing application goes down. The
initial word from IT operations is that it is a hacker attack. Getting
the system back online is the company's highest priority. A SWAT team
headed by IT Operations Manager Rocky Wardrop tries to identify and fix
the problem. StarCorp CEO Brenda Star is determined that the offender
will not go unpunished.
The staged performances will be directed rather like a “murder
mystery” game, with the Directors (Act 1 by Bob Blakley; Act 2 by
Jane Hill) providing commentary at appropriate points. There will be a
Q&A session at the end of each Act.
Throughout, each member of the Audience plays the part of a member of
the Board of Directors, in which capacity they have ultimate responsibility
and liability for the conduct of StarCorp, Inc.
Act 1
Simulates intrusion into the corporation’s information system
and the corporation’s response procedures, focusing particularly
on actions to restore system operation, to prevent damage to company assets,
and to collect evidence for possible prosecution (or other court proceedings).
In 5 scenes:
· Alarums and Excursions – the intrusion is discovered; service is suspended; the response team gathers
· Investigations and Response – the intrusion response process begins
· A Dramatic Discovery – the intrusion actually conceals an attack on a business partner's systems
· Service is Restored – the attacks are defeated and service is restored
· The Aftermath – report to management; discussion of prosecution
Act 2
In Act 2, the issues raised include the reluctance of organisations to report
losses or bring claims for fear of damage to their reputation; their duty/liability
to customers, business partners etc.; the effects of bringing proceedings (or
defending claims), including evidential issues relating to discovery/disclosure;
defining and quantifying loss; the role of security policies/audits etc.; and
the role of insurance.
These issues are brought out in 5 scenes:
· The Writ – first responses: the StarCorp team take stock of their situation
· Evidence Review – a legal-eye view of the decisions made in Act 1
· Legal Strategy Planning – StarCorp assesses the damage and the potential litigants
· What to Disclose or Not to Disclose – the lawyers and others consider the impact of public statements/depositions
· Final Decisions – going to trial (or not?)
The cast
Character | Played by
Rocky Wardrop – StarCorp IT Operations Manager | Walter Stahlecker – Hewlett Packard / Open Group Board member
Col. K. A. "Kelly" Rider (ret.) – StarCorp IT Security Manager | Steve Jenkins – NASA Jet Propulsion Laboratory
Lucinda Walls – StarCorp Order-Processing Application Owner | Sally Long – The Open Group
Brenda Star – StarCorp CEO | Jane Hill – Barrister, Chambers of Benet Hytner Q.C., London
David Auric – StarCorp Public Relations Officer | Eliot Solomon – Eliot M. Solomon Consulting
Brendan "Blowtorch" Boylan – Boylan, Boylan, Singh, Girardo (retained counsel to Nebular Networks) | Wes Kinnear – Holme Roberts & Owen, LLP
Anna Williamson – StarCorp Corporate Counsel | Ola Clinton – Holme Roberts & Owen, LLP
Tim "the Terrier" Malone – reporter, Independent Daily Tabloid | John Mawhood – Partner, Tarlo Lyons, London
Bailiff | David Lounsbury – The Open Group
Board of Directors | The audience