I was privileged to be a member of the audience at Anglia Ruskin University for the OWASP & BCS Cybercrime Forensics SIG “Incident Response Day” on 19 January to hear Steve Shepherd MBE. Steve, a Senior Forensic Consultant and the Cyber Security Incident Response lead for PA & 7Safe, gave a lively talk based on a cyber incident scenario that gripped the audience of 125 delegates, delivering a practical and informative cyber workshop titled “Malware Red Alert: the first 24 hours”.
Business-savvy cyber advice
Designed for a business audience, Steve's talk presented a Cyber Incident Response threat scenario that showed just how dangerous assumptions can be, and often are. The substance of his talk served as a timely warning to IT managers, network technicians, SOC managers, and Board members alike as he shared his thoughts on how to apply the CREST Three-Phase Cyber Security Incident Response (CSIR) model and invited the audience to role-play the response to a serious cyber incident.
Although the incident was dramatized for the purpose of his talk, Steve drew on his recollections of similar cyber security alerts he has attended to show the folly of relying on software alone to determine the nature of threats. False positives were in many ways as bad as malware attacks in terms of the possible negative effect on business continuity and stakeholder confidence.
Assumptions about CSIR best practice challenged
As the pre-event blurb aptly stated: “If you think you understand incident response procedures from a ‘people, process and technology’ standpoint, be prepared to challenge what you deem to be fact during Steve’s practical talk and demonstration. The emphasis will be on knowledge transfer – and why software tools are never the whole answer.” Throughout the talk, Steve was bombarded with questions from a highly appreciative audience that was as keen to learn as he was to challenge their beliefs about how best to respond to a cyber incident.
Anglia Ruskin University Cyber Talks programme
The talk was arranged as part of a programme of cyber events led by Adrian Winckles of Anglia Ruskin University’s Department of Computing & Technology. This particular event was supported by the British Computer Society (BCS) Cybercrime Forensics Special Internet Group and OWASP (Open Web Application Security Project) Cambridge Chapter.
As the Incident Response day drew to a close, Steve received offers from technology companies in the Cambridge Cyber Cluster area to consult and was invited to speak at other prestigious events.
Learn more about Cyber Security Incident Response here:
How you respond to a cyber security incident determines the final outcome. 7Safe’s expert CSIR team can help your organisation to take the right steps before your organisation suffers a breach:
Cyber Security Incident Response (CSIR)
Need expert help now? Talk to our CSIR advisers in confidence on +44 (0)870 600 1667