Kevin Mandia, a man who has been called in to help organizations deal with some of the most notable data breaches in recent memory, has a few questions for CISOs. Mandia is the SVP and COO of FireEye and the former CEO of Mandiant, which he sold to FireEye for $1 billion in January.
At the recent White House Cyber Security Summit, Mandia sat on a panel about international law enforcement cooperation, along with representatives from the Federal Bureau of Investigation and the U.S. Secret Service. During the discussion, Mandia provided some specific guidance on how organizations should structure their security practices.
When dealing with breach mitigation, Mandia suggests that it's important to reduce the target area to an acceptable risk. "The target area is where companies with mature security programs monitor like heck," he said.
It is important, however, to put a plan in place that can be quickly employed if an attacker circumvents that target area.
The best organizations have already done the work to break into their own organizations to understand the weak points, Mandia added.
3 Questions for the CISO
Mandia offered three key questions that every CISO should be able to answer:
How would you break into our organization? If a CISO can't answer that question, Mandia said, he or she is simply not thinking properly about the organization's security program.
If we had a breach, would we even detect it? Mandia said that understanding whether the CISO has a plan for breach detection is critical to an organization being able to actually deal with a security incident when one occurs.
What's the worst case scenario if someone does actually break in? "You don't necessarily need to care what the answers are," Mandia said. "You want to make sure that there are answers."
If a CISO can answer these three questions, Mandia said, it means the organization has a security program in place that can address the core issues of today's hacking threats.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.