Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Crisis Communication for Incident Response

Crisis Communication for Incident Response

Presented at the SANS Leadership Summit on 9/28/16.

Scott J. Roberts

September 28, 2016

More Decks by Scott J. Roberts

Other Decks in Technology


  1. Security Ops Manger: SIRT of GitHub Author of Intelligence Driven

    IR SANS Instructor in Training & CTI Summit Board SCOTT J ROBERTS
  2. –Wikipedia: Crisis Communications [...] a sub-specialty of the public relations

    profession that is designed to protect and defend an individual, company, or organization facing a public challenge to its reputation.
  3. – Brad Phillips of Phillips Media Relations You need to

    prepare for today's media culture, in which a tweet can become newsworthy and a news interview can become tweet-worthy.

  5. – Andy Gilman of Comm Core Consulting Group The secret

    of crisis management is not good vs. bad, it's preventing the bad from getting worse.
  6. – John D. Rockefeller Next to doing the right thing,

    the most important thing is to let people know you are doing the right thing.
  7. –Mark Twain Always acknowledge a fault frankly. This will throw

    those in authority off their guard and give you opportunity to commit more.
  8. SOUNDING HUMAN All communications go through one person Say it,

    write it, read it, then read it out loud Get some outside feedback
  9. Time Action ??? Intrusion Begins 11/27-12/15 Fraud Takes Place 12/15/13

    Breach Confirmed Internally, 40 million cards 12/18/13 First Krebs Article 12/19/13 Target Acknowledges Breach 12/20/13 Target says “very few cards”
  10. Time Action 12/21/13 Banks start reissuing cards proactively 12/27/13 3rd

    Party IR identifies stolen card/pins 1/20/2014 70 million additional accounts announced 1/22/14 475 employees laid off w/700 open recs 5/2/14 CEO Gregg Steinhafel Ousted
  11. –Gregg Steinhafel (Now Former) CEO of Target Our top priority

    is taking care of you and helping you feel confident about shopping at Target, and it is our responsibility to protect your information when you shop with us. We didn’t live up to that responsibility, and I am truly sorry.
  12. Time Action Late 2014 Initial Compromise 07/16 "Peace" tried selling

    account information 07/25 Sale of Yahoo to Verizon announced ~August Internal investigation finds 2014 attack 09/22 Compromise Information Released 09/27 Senators request formal timeline & info
  13. Time Action Early 02/15 Incident Begins Early 02/15 Incident On

    Going (Four Days) 03/27 Web & Email Notifications Posted
  14. –Warren Buffet It takes 20 years to build a reputation

    and five minutes to ruin it. If you think about that, you'll do things differently.
  15. MAKE A PLAN - Know Your Stakeholders - Know Your

    Decision Makers - Know Your Methods - Know Your Voice
  16. THANKS TO • Kate Guarente & Katelyn Bryant of GitHub

    • Rachel Vandernick of Elizabethtown College • Kristin Reichardt-Rummell of Swish Media • Mark Imbriaco of OperableInc