Monday, September 15, 2008

Security Incident Analysis Report

You might have very good technical skills, and you might be the best incident analyst in your organization, but if you cannot deliver your findings or analysis effectively to the top folks, all your hard work will be useless.

What matters the most to CXOs when dealing with incidents:

1) Incident reports
2) Graphs / patterns
3) High level view of the incident
4) High level view supported by excellent low level incident details
5) Root cause of the incident
6) What went wrong and who should be blamed
7) How to avoid it in future
8) Does this incident touch compliance requirements?

CXOs are usually interested in how things happened and in what answer they can give to the media, to the shareholders and, most importantly, to their own bosses when they are asked about a recent incident.

There are instances when people come up with a 3-page incident report without following any format and without linking the closely related occurrences of the incident and what led to such an incident. You can have a look at the incident analysis report from the Government of Canada after the Slammer worm was released.

So, whenever you write an incident report, make sure you are precise and to the point, include all the details with a chain of occurrences, and make it effective not just for other technical folks but also for management.
-Abhiz
