May 27, 2008

By Michael Starks

Anyone who has moved across the country, or even across town, knows how much work it can be. Everything has to be packed, utilities have to be transitioned and friends need to be bribed with pizza. But what happens when things don’t go exactly as planned?

It was 9:30 PM. We had been working non-stop for the past two days. We had to face the facts. We had too much stuff. It wasn’t all going to fit. We had run out of room on the truck.

Looking around, we still had living room furniture, a 19” TV, work benches and various other items. Although we were exhausted, stressed and hungry, we had to make some choices. Enter Incident Response mode.

My wife, mother and daughter were scheduled to fly out the next day. We had this plan, see, and everything was supposed to have been packed by now. The ladies would fly out on Wednesday, and my father and I would start the 1,500-mile drive to our new home.

Barely able to put two thoughts together, we reasoned that we had the following choices:

1. Change the tickets so they could stay behind and help.
2. Let them fly out as expected and deal with the stuff ourselves.

After a call to the airlines, option number one wasn’t so appealing. Clearly, they wanted to send a message that changing flight times was going to be painful. That message was about $900. OK, Dad and I can handle this. Somehow. Yeah. We’ll get it done! What was that we were trying to decide, again? I could really use some dinner.

The next day, Dad and I loaded the last of what was physically possible in the truck. After pondering one of those miniaturizing ray guns, we decided that the next best thing to do would be to donate the rest to a local charity.

That turned out to not be necessary. We didn’t realize it, but we had one of those neighbors that truly epitomized the word, neighbor. She offered to take everything that was left over. She would donate some, keep some and deal with the rest. She undoubtedly saved us at least an additional day of effort and countless hours on the road trying to make up for lost time. Score one for good Karma.

After four long days, we finally started our journey. And as I drove, I couldn’t help but look back and reflect on the situation. It had so many parallels to information security, specifically disaster recovery, business continuity and incident response.

What could we have done better and how does this relate to security?

1. We didn’t take care of the important stuff first. I would have much preferred to take the couch over the several PC skeletons I will rebuild. Someday. Right. Are you prioritizing the important items in your information security program? What will be left behind when the budget gets reduced?

2. We failed to plan for contingencies. Although we did give a lot away before the move, clearly we underestimated how much we had. We didn’t ask the question, “What is our plan if we run out of room on the truck?” We didn’t ask, “How will a change in plans affect ticket prices?” We did some planning, but it wasn’t enough to cover the risks. Have you considered what will happen if key people are gone? Have you thought about the effects of the firewall being mistakenly configured for ‘allow all’?

3. We underestimated the impact of physical fatigue. Being physically tired affects our ability to think clearly and make good decisions. We’re human beings and no matter how unaffected we think we’ll be when the going gets tough, there will clearly be some level of detriment. Does your plan take the human factor into account? In a disaster, are you expecting your administrators to work 24, or even 48 hours without sleep? In effect, are you expecting them to be non-human?

4. Finally, we failed to properly estimate the workload. None of us ever have enough time in the day. Does your security program have the people and other resources needed to accomplish your goals? If not, there are two things that you can do: get more resources or see number one: take care of the important stuff first.

Large changes in life and in security are inevitable. But with proper planning, you’ll be in a better place to deal with them. Now, where was that hammer…

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.
