Information Security Fire Drills

'Practice Makes Perfect' With Face-to-Face Training

By , October 9, 2012.
Delaware state ISOs recently convened for a day of meetings and training to better prepare for incidents in their individual agencies, an event state CSO Elayne Starkey compares to fire drills.

Aside from being a networking opportunity and a chance to connect with peers, the half-day meeting gave Delaware's information security officers a set of training scenarios designed to teach new methods for responding to incidents more efficiently, says Starkey.

"We like to present them with these kinds of incidents and for them to think about how they might respond and mitigate incidents like this when they're practicing," she says in an interview with Information Security Media Group's Eric Chabrow [transcript below].

"It's the same reason we run fire drills in buildings," Starkey explains. "Let's get them in a setting where it's not for real."

Some of the scenarios included responding to spam e-mails being sent to an organization, USB drives connected to devices when they shouldn't have been and an administrator's password being exposed.

Meeting face-to-face offers state ISOs the opportunity to learn from their peers. "I heard some really good ideas, and I saw some eyes kind of widen like, 'Oh, I hadn't thought about that,'" Starkey says.

In the interview, conducted at a half-day meeting of Delaware state ISOs in September, Starkey explains the:

  • Requirements ISOs must meet to receive DCISO certification;
  • Importance of providing face-to-face group meetings for ISOs such as the one held in September;
  • Value of conducting incident tests at the face-to-face meetings, which can earn ISOs credit for their DCISO certification.

Starkey has been Delaware's state CSO for seven years. She earned two computer science degrees, a master of science from Rochester Institute of Technology and a bachelor of science from James Madison University.

Face-to-Face Training

ERIC CHABROW: We just finished a gathering of a quarter of the state agencies' information security officers. You gather them every other month?

ELAYNE STARKEY: We do a bi-monthly webcast with them and once a year we like to convene a face-to-face meeting. Today was our annual face-to-face gathering and all 230 ISOs were welcome to attend. That's a mix of primary and alternate ISOs, so typically they sent at least one or two ISOs from each organization.

CHABROW: Why is it important to get them together face-to-face?

STARKEY: The networking opportunities that it provides to them; a wise emergency management advisor once told me that the best time to meet someone that you're going to need assistance from in an incident is not when the incident is going on. This is an opportunity for them to come together and get to know each other. They all share common issues and common problems. We heard that today. They each now go home to their various school districts and state agencies and they deal with very similar problems. To build the relationships and the connections here in a face-to-face setting is much more conducive than our web meetings that we have. It gives them the opportunity to go home and tomorrow they might want to just pick up the phone and call and talk to someone that they met today, or even if it's a month from now or a year from now, it's just important to me that they have a venue to come together to build these relationships.

Threat Scenarios

CHABROW: One of the highlights of today's session was the scenarios you outlined for these ISOs. They were broken up into about five groups of ten each. They were each given a different problem. Now these problems dealt with things such as spam going into the e-mail of an organization, a USB drive being connected to a device that should not have been. Another one dealt with an administrator's password being exposed, things like that. What's the purpose of them? Why are they important?

Follow Jeffrey Roman on Twitter: @gen_sec
