THE SOCIAL MEDIA SIDE OF INCIDENT RESPONSE...

Google

[For the February 2014 version of this post, see here]
Not impressed with LinkedIn's social media crisis response after more than 6M user passwords got leaked recently or non-plussed with Dropbox's handling of their own crisis? Read on... In one of my February posts, I wrote about incident response and the importance of addressing the media in a timely manner. Whilst the NIST report SP 800-61 gives really good guidelines on the positive aspects of fully and effectively communicating important information to the public, I feel there is some mileage to be had by exploring the use of social media when tackling incident response. After all, we've all seen how quickly news can spread on twitter here or here... So, should you be breached, you would no doubt have a crisis communication process already in place, but does it include social media?...

CLOSE ENCOUNTERS OF THE THIRD (PARTY) KIND...

Google
Phew... The last month was absolutely hectic, with all those conferences falling within the same short period of time! With all that, I was privileged enough to have been asked to speak at both Internet World and Infosecurity Europe. Two very different experiences... Whilst it is expected to be talking about security at an infosec conference, it is always welcome to be asked to present about security matters at an event with a different focus - in this instance, everything digital... (see my previous post on the subject). It was nevertheless surprising, walking the show floor at Internet World, talking to vendors and poring over the agendas in the various theatres, how little security featured. With everything about the show related to "cyber", not many had made the obvious leap to "cybercrime"... So, on the way to our Devil's Tower, our quest is still to find our curwen hand signs to communicate with the third (party) kind...