Incident Response Planning: Facing the Nightmare to Avoid Real-Life Horror

Incident Response Plan

It’s Halloween, a time to turn our attention to the things that terrify us. In honor of this tradition, consider this creepy scenario:

Lifeless eyes dilate at your approach. Battery-operated lungs suck in stale air, hypnotically wheezing with inhuman rhythm. A plastic chest rises and falls. The smooth skin reminds you of your own, only cold and lifeless. And if you brave a glance beneath the tears in the uniform, deep gouges will reveal muscle and exposed bone. This mannequin is your own Faustian/ Frankensteinian mirror, revealing the gruesome horrors that lurk just beneath the human experience.

And most unsettling of all, with the push of a button, the wounds can bleed.

Terrifying, huh? Sounds like something out of a horror film. Well, you’re not alone if this story invokes a tingling up the spine, a bad taste in the mouth, and the instinct to cringe.

So what is this nightmare scenario and why are we bringing it up?

As it turns out, this creation might be the exact opposite of a nightmare.

What we’ve been describing are the battery-operated, remote-controlled mannequins that the U.S. army uses to teach life-saving techniques. These mannequins simulate breathing, and are coupled with dilating eyes and realistic features; and indeed the plastic wounds are capable of losing copious amounts of blood. With these mannequins (much more sophisticated than their Saks Fifth Avenue counterparts), medics can keep their instincts sharp, doing as-close-to-real-life practicing as practicing gets.

These mannequins originated at Army Medical Simulation Training Centers, with the goal being to teach lifesaving techniques to medics and non-medical personnel; however, the models worked so well that the mannequins became widely implemented throughout the armed forces, being taught to soldiers of all ilk. It proved most beneficial that people could train to do procedures they might actually need to do, which later meant not freezing up in an overly-intense situation. Thousands of lives have been saved because of the hands-on experience these [arguably terrifying] mannequins provide, illuminating the fact that familiarity with something scary and uncomfortable can very well be in one’s overall best interest. A nightmare through one scope can look heaven-sent through a wider set of eyes.

So what does this all have to do with network security?

Let’s talk about Incident Response Plans.

An Incident Response Plan is a technique for managing security breaches and cyber attacks that is set up before such an episode occurs. The Incident Response Plan is a step-by-step procedure for dealing with things that can be life-threatening to an organization. It can be scary and unfamiliar (possibly even gruesome to some), but it can also help stop future injuries.

Cyber attacks that are not properly handled or addressed have high risk of spiraling out of control, leading to further data breaches or even full-fledged lockouts. It’s important to be able to detect attacks (information doesn’t visibly hemorrhage, unlike the mannequins), and there are many web scanners and patches available for such jobs, as well as monitoring of web site logs. According to the SANS institute, The Incident Response planning process should look something like this:

  1. Preparation – readying for an attack.
  2. Identification – an alert to when an attack has occurred.
  3. Containment – implementing processes to limit damage, which could involve deploying patches, pulling power cords out of the wall, or blocking outside access.
  4. Eradication – removing and cleaning compromised hosts, implants, malware, etc.
  5. Recovery – restoring normality and online functions.
  6. Lessons Learned – reflecting on what can be done better in the future.

Visit the SANS security card checklist HERE for a detailed look at each step.

Implanting an Incident Response Plan now, as opposed to when an attack actual occurs, can mitigate a severe difference in outcome. As with the mannequins, establishing and maintaining an Incident Response Plan might seem downright grotesque and unfamiliar. You’re not alone if it invokes a tingling up the spine, a bad taste in the mouth, and the instinct to cringe away. But it’s better to get collective hands dirty now, than to have to suffer the consequences later.

Talk to the people in charge and make sure your company has an Incident Response Plan in place. And if you are the people in charge, talk amongst yourselves and see how you can get the ball rolling. It’s important not to wait until the last moment, when the wounds are exposed.

Think about the mannequins, and don’t be dummies!

About the author

Dan Cohen

Daniel A. Cohen is the #1 Amazon Bestselling author of Coldmaker, out now with HarperCollins. His fiction been long-listed for the David Gemmell award in the UK, and his nonfiction has been featured in Writers & Artists. He lives in Austin, Texas.