Sponsoring Forum(s)

Active Loss Prevention

Security


Meeting Report

Debriefing Meeting on Saving Private Data Workshop
held on
Tuesday 4th February 2003, 14.00-15.30

Objective of Meeting

This meeting was held immediately after the close of the Conference Plenary, so that as many of the cast as possible were still at the Conference and able to participate. Its purpose was to capture feedback on the workshop itself, and to discuss and decide on future activities that will leverage its outcomes to meet the desires and expectations of the cast and membership. The meeting was open to all Conference attendees, members and non-members. It was co-ordinated by Ian Dobson.

Summary

Co-producer/director Jane Hill, and Walter Stahlecker, were unable to attend this debriefing meeting. All other members of the cast were present, plus members of the Security Forum and Active Loss Prevention Initiative who attended this Conference.

For a summary of the Saving Private Data Workshop itself, see the report on the Conference Plenary.

All the cast said they had enjoyed doing the workshop, and the feedback from all present was that it had been well received by the plenary audience, as an original way to present the key issues involved in intrusion attacks, making important points in an engaging and entertaining way. This was confirmed later in the week by a report in the Friday closing Conference Reports-Back plenary, where Mike Lambert advised that in the feedback forms, attendees scored the workshop as maximum 5 out of 5 except for one person who gave it 4 out of 5.

Ian Dobson noted that The Open Group made a complete video recording of the whole Workshop, including the question & answer sessions at the end of Act I on Monday PM and Act II on Tuesday AM. In discussions with Jane Hill and Bob Blakley before this Conference, and with the support of the cast, it had been agreed that we should produce a White Paper and Video as an initial report on the workshop, and that this should be available to all members as a tutorial/training package and a basis for future projects.

In ensuing discussion, we captured the following issues, which we categorized as either required material for inclusion in the White Paper, or as points to be reviewed as possible future project work once the White Paper and Video package is available.

  • Produce a White Paper and Video Package based on the content of the play. The White Paper will use the script as its core, with annotated comments on the technical, legal and administrative/process issues that it raises, including a list of issues on how each party could have done their analysis better. After review of the initial draft by Bob Blakley and Jane Hill, it will be offered to members of the Security Forum and ALPI for review comments prior to publication.

  • Produce an IT Manager's check list of issues they should consider – a tick-list of key items to verify are in place in an acceptable intrusion response plan, for inclusion in the White Paper.

  • Are there other scenarios that we could explore, for example a DoS attack? This is for consideration as a future project when the White Paper is published.

  • Bring out the perspective of Audit, Legal, Human Resources, Executive Management, IT security, Line of Business executive, Insurer, Risk Management. This is to be reviewed as a possible future project when the White Paper is published.

  • Lessons learned – can this be turned into a guide? Possible future project.

  • Integrated incident management – do we want to produce a Guide on this? Possible future project.

  • Gap analysis on the collaboration & communication between communities in an IT-dependent organization, as an example of how to understand your risks before you hit a problem. Possibly include in White Paper, otherwise consider as possible future extension.

  • How do security incidents differ from other “natural” disasters? What differences in response are required? Are the liability issues different for a natural disaster? Is a single integrated response and recovery plan possible?

  • The business drivers in a government and military environment are different to those in an enterprise environment. Government bodies are more concerned with the reputational issues and data integrity than the financial impact of an intrusion attack. We should extend our understanding to include at least a government perspective. The best way to do this is to play out relevant scenarios. This is to be considered as a possible future project.

  • In the Saving Private Data workshop, all the decision-making people needed for the incident response were immediately available and present in the company when the incident occurred. This is unlikely to happen in real life. We should include this situation in the White Paper, as one significant way in which crisis management plans can make invalid assumptions.

  • How do IT systems break down under stress? Look at FEMA and other guidelines on what should be considered and how problems of this nature can be avoided. Possible future project.

  • Show a balance between incident response versus incident investigation. This differentiation to be brought out in the White Paper.

  • How do you get good information during an incident? Are sensors available? How should you respond? It was noted that a person's voice pattern changes under stressful conditions, so voice recognition mechanisms should be avoided in incident response processes. Possible future project.

  • We should assemble a bibliography – there is a wealth of publications available on this subject, though much of it is theoretical or detailed. We should include in the White Paper a list of recommended references for security policy, incident response, capturing evidence, etc.

  • Can we identify national differences - law, culture, etc? This issue should at minimum be included in the White Paper.

  • Identify the role of a Security Audit, both as separate proving exercises when validating intrusion response plans, and as part of formal company annual audits. This issue should be brought out in the White Paper.

Outputs

Three main outputs were decisions to undertake the following actions:

  1. Produce a Saving Private Data White Paper based on the content of the play and incorporating the feedback captured in the debriefing comments in the Summary above, calling on inputs from individuals as required.
    Action:
    Ian Dobson to produce 1st draft
    Jane/Bob to review 1st draft
    All to review final draft.

  2. Produce a Saving Private Data video (on DVD), edited appropriately to accompany the White Paper.
    Action: Adam Cargill in association with Ian Dobson

  3. Review the Saving Private Data Package of White Paper plus DVD, and assess priorities for possible future projects in the Active Loss Prevention Initiative and in the Security Forum to leverage its value, including considering the possibilities identified in the above Summary.

Next Steps

The Saving Private Data White Paper and DVD package will be produced and made available by the end of February 2003.

Ian Lloyd and Ian Dobson will then co-ordinate respective ALPI and Security Forum member reviews to arrive by mid-April 2003 at agreed priorities for defining and delivering future projects deriving from this Intrusion Attack & Response workshop.

Links

The Web page at http://www.opengroup.org/projects/intack provides links to all the Saving Private Data workshop materials.


© The Open Group 1995-2012  Updated on Tuesday, 25 March 2003