Major Incident Response Masterclass at This Month’s RANT Forum

In Common ByAngus Batey / 22nd July 2013


The role of the cyber security professional may be among the most demanding in the modern business world. The type of personality who will function best in the job seems to be one that is confident and forthright, yet able to quickly admit to their own limitations.

“A good CISO will say, ‘I don’t know the answer to this problem – but I know someone who will, I know where to find them, and I’m already onto it now’,” says Jason Creasey. The former head of research at the Information Security Forum, where he worked for 17 years, Creasey is now managing director of Jerakano Limited, the infosec services supplier and consultancy, and his presentation at this month’s RANT Forum will look at how senior information-security practitioners can best prepare themselves and their businesses to respond to major cyber security incidents.

Knowing when, and who, to ask for help is just one part of what makes a great information-security leader, says Creasey – whose faith in this fundamental point was underscored during extensive research he carried out recently, when Jerakano Ltd was commissioned to produce a report into cyber security incident response for the Council for Registered Ethical Security Testers (CREST). Another key factor identified is imagination.

“People want to rehearse responses,” Creasey tells the RANT blog. “When you do a fire drill in a building, everybody hurtles down the fire escape: we all go down the stairs, sit on the lawn at the corner, someone counts us, and everyone’s OK. But in reality it doesn’t go like that. Major incidents don’t tend to be caused by one thing – several major things have to go wrong at the same time. So for that fire-drill scenario, my initial play would be, ‘OK, guys: there’s a fire, but the fire-escape stairwell is the part of the building that’s on fire. Now what do you do?'”

Not everyone will need to outsource aspects of their major-incident response capability, but Creasey’s experience suggests that most will, even if it’s just for some highly specialised tasks. “The major banks, who are probably the most involved in this area, still use external suppliers for specialist support,” he says. “The first thing is to identify the things you can’t do internally, and make sure you know where to go before an incident happens.”

Creasey’s talk at this month’s RANT Forum will go through this process, looking at the kinds of questions information-security professionals need to be asking themselves, and offering tips on how to select the right specialist providers for help you may only require in a once-in-a-career disaster. His presentation will also look at what internal support mechanisms need to be in place.

“The CISO might know what to do, but their company hasn’t provided them with the senior management support, the resources, the tools and the access to go about it in the way they’d like,” he says. “The best CISOs tend to be the ones who are good at managing people, with wide contacts, who have a holistic approach so they’ve embedded security throughout the organisation.”

So, if you’re looking for advice on configuring your business for a major and unexpected attack, or if you reckon there isn’t anything out there you’re not prepared for, this is the event for you. Come along ready to learn, discuss, debate and argue, to The Counting House, 50 Cornhill, London, EC3V 3PD, from 5:30pm on Wednesday October 30. Please apply for your place by contacting Gemma Paterson at Acumin on either +44 (0)20 7510 9041 or