Erik Barnett | October 09, 2012
Once upon a time, I was watching ESPN and they were doing this story on a basketball player named Allen Iverson. Usually when they do cover stories, it is because of something good they player did. In this case… ehhhh… not so much. Allen Iverson missed his NBA team’s practice and was questioned about it during a news interview. His response is pretty classic -- “We talking about practice? Not a game, not a game, not a game, we talking about practice? Not a game, not the game that I going out there and die for and play every game as if it was my last, we talking about practice.” It goes on for a whole 2:23 minutes, it’s rather funny.
To me, this brings up an important question on security posture. How often do you practice your mitigation techniques? As funny as I find Allen Iverson’s comments, only because of how he explains it and his expressions, he is wrong. My prior employers all placed a huge emphasis on… practice. It could mean the absolute difference in surviving certain situations or not. The common phrase these employers preached was, “You perform the way you practice.” This meant that we took it very serious. Every practice, every scenario, every situation a million times -- walk through, jog through, real time… do it again. And again… We critiqued our time, our demeanors, our responsibilities. Perfection was always the goal.
I view the Cyber Security World in the same way I view this world. It’s a dangerous place that has good areas. The ability to do business and pass information from one place to another has also granted the capability for bad guys to remotely touch you. It is a great start to have security policies and procedures regarding your positions and actions. But it’s better if you continuously practice those same positions. Practice a “talk” through scenario of situations that relate to your business. Example, 'Your web front-end is being attacked via Denial of Service (DoS). What do you do?' Then, perform a dry run also known as a “walkthrough”. You can start this by sitting down on a conference call and just talking through your response.
Eventually, you can work your way to practicing a real time situation of that same scenario. This should be apart of your overall security operations activities. Not only does it lead to consistency, it will also improve the efficiency and accuracy of your team .
The old phrase is true in the security world as well – practice really does make perfect.
POST A COMMENT