Take time to document security processes, says expert

There’s an old saw that says ‘Action speaks louder than words.’ Often infosec pros are more inclined to action — solving the never-ending list of problems piled on them daily– than documenting what they’re doing and why.

But in a column for Security Week FireEye CTO Joshua Goldfarb usefully reminds CISOs of the importance of documenting processes. There’s no shortage of things that have to be formalized including — especially–an incident response plan. (For a start, try this handbook from the SANS Institute). Goldfarb notes that an increasing number of parties, including auditors, insurance underwriters, customers, partners and others may want to know if you’ve got a plan, which at least shows you are taking cyber security seriously.

And don’t forget that the plan has to be tested and updated regularly to be effective when it’s needed.

But Goldfarb also there are other things to be documented, including a risk register (which lists the risks and threats the organization faces, so they can be prioritized), a list of alerts security staff will face, how data can be gathered for analytics, and important internal and external contacts (which regularly has to be updated).

He also reminds infosec leaders that they can criticize others for their documentation, but it’s better to write down how you would approach things differently  given topic differently. That, he says, is the key to opening up a constructive conversation with security teams.

“I know that writing and documenting aren’t the most exciting activities,” he admits. “But they have tremendous potential, both in improving security operations and incident response, as well as in opening up a constructive dialogue that the information security community so desperately needs.”

Let us know in the comments section below how you and your organization have met documentation challenges.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now