Ones and Zeros
When we talk about information technology, you will agree that, at bottom, we are talking about ones and zeros. Every single part of a calculation (to simplify, treat everything as a kind of calculation) depends on them, at all times.
When we talk about information security, the rules change a bit.
Of course, proof of a cyberattack, for example, is also made up of ones and zeros, and that’s important to ensure non-repudiation of the evidence.
But if we relied only on that, it would be easy to also let computer programs decide whether a security incident is over and what steps are needed to return to normal.
But that is far from the case. You have to look at the big picture: not only the incident itself, but also the business processes that have been stopped as a result, and therefore the impact on the business.
Most of the time, you’re dealing with different opinions. Operations have to be resumed as quickly as possible. You can calculate how much money is lost in every single hour of downtime.
But as the person responsible for cyber security, your priority is also to:
- first and most important – stay calm
- do a risk analysis based on the facts of the incident
- talk to your SOC and the members of the incident response team
- consider the possibility that more has happened than meets the eye
- scan your systems and have them tested to make sure everything is clean
- plan and implement safety measures to reduce the risk of it happening again
- AND get back to normal, once the other items are taken care of
So it’s not just about ones and zeros, true or false. You need experienced, well-trained decision makers with the ability to think outside the box, and you need to empower them to do their jobs properly.
Ultimately, the responsibility lies not only with them, but also with the top management.