The other night, while my wife and I were walking Daisy, we had an ‘incident’ to respond to. Not computer related, but the principles of incident response still apply. Someone decided that abandoning three month-old kittens on the road down from our house was a good idea ~ ‘surely someone nice will give them homes!’
If we ignored their plight, the outcome would go three ways:
- Someone else might rescue them. Although, since it was after 10:00 P.M. this was unlikely.
- They’d be hit by cars.
- Wile E. Coyote and his brethren would enjoy their company.
So, we rescued them, sheltered them overnight and in the morning, off to the Humane Society (with a donation) they went since we just can’t accommodate three kittens with our golden retriever.
Reflecting on this episode, I thought about how I’d been taught about incident response by SANS Institute instructors. The acronym I learned is PICERL; Preparation, Identification, Containment, Eradication, Recovery, Lessons-learned.
We were prepared because we had cardboard boxes to hold them and a crate at home for the night. We identified the problem, contained the kittens and eradicated the threats that night (no, we didn’t kill any coyotes). Recovery happened in the morning and Lessons-learned are ongoing (expect the unexpected and assume breach are two of them).
The takeaway on this is that strange things happen and we can use our training, even very IT security-specific, to manage the event. Security is about doing the Right Thing, at the Right Time, for the Right Reasons ~ this incident was no exception and was definitely security-related, at least in the physical sense as far as the kittens were concerned.
by Bill Wildprett, Suspicious Minds blog, Copyright 2010
*** This is a Security Bloggers Network syndicated blog from Suspicious Minds authored by Bill Wildprett. Read the original post at: https://suspiciousminds.wordpress.com/2010/07/28/catching-kittens/