Tell staff to think of security incidents as possible computer crimes, an industry analyst advises. That will help them understand their importance
Shakespeare once asked “what’s in a name?” Call a rose something else and it would still smell as sweet, he argued.
But over the decades, the answer to his question has often been “quite a lot.”
Some IT staffers, he says, treat IT problems and security incidents the same way. Wrong. Security incidents can bring down an organization. IT problems – an app doesn’t work, Internet access has been cut, PCs are slow – can be fixed. They need to be fixed fast, but there’s no need for panic.
But if corporate secrets are stolen, if there’s been a loss of confidential personal data then someone better light a fire under the pants of the security team.
“The difference between IT issue resolution and security incident response is huge and unambiguous,” writes Churakin.