Andrew Latham

The vast majority of security issues in the tech industry fall into these problem areas. You can't buy security, but you can plan to react faster. Maybe a better write-up would help in the future, but here is a mind dump.

Software or Services

  1. Is there a Source Code Management (SCM) system whose contents match what is actually running in production? (Hint: this is the problem most of the time.)
  2. Is there a list of developers, named and with alternate contact details such as phone numbers, who know the code and the service? Still employees, I hope.
  3. Is there an incident coordinator? **
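As an added illustration of the first question (example code, not from this post): a drift check that compares a manifest recorded at release time against the tree that is actually deployed. The manifest file name, its layout, the placeholder commit id and the sample files are assumptions made for the demo; in practice the manifest would be generated from the exact SCM checkout the build used, so a mismatch points straight at code that is running without being in the repository.

```python
"""Detect drift between what the SCM says was released and what is deployed.

Added example, not from the original post. Assumes the release pipeline
writes a `manifest.json` (hypothetical name) next to the deployed tree with
the SCM commit id and a SHA-256 per file; the check recomputes the hashes
from disk and reports drift in both directions.
"""
import hashlib
import json
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"  # assumed file name


def hash_tree(root: Path) -> dict:
    """Return {relative_path: sha256 hex} for every regular file under root,
    skipping the manifest itself."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.name != MANIFEST_NAME:
            rel = path.relative_to(root).as_posix()
            result[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return result


def write_manifest(root: Path, commit: str) -> Path:
    """Simulated release step: record the commit id and per-file hashes."""
    manifest = {"commit": commit, "files": hash_tree(root)}
    out = root / MANIFEST_NAME
    out.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return out


def detect_drift(root: Path) -> dict:
    """Compare the manifest with the live tree.

    'modified'   hash differs from what was released
    'missing'    in the manifest, not on disk
    'unexpected' on disk, not in the manifest (nobody committed it)
    """
    manifest = json.loads((root / MANIFEST_NAME).read_text())
    expected = manifest["files"]
    actual = hash_tree(root)
    return {
        "modified": sorted(p for p in expected if p in actual and actual[p] != expected[p]),
        "missing": sorted(p for p in expected if p not in actual),
        "unexpected": sorted(p for p in actual if p not in expected),
    }


def demo() -> dict:
    """Constructed scenario: a release is recorded, then production drifts."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "app").mkdir()
        (root / "app" / "server.py").write_text("print('v1')\n")
        (root / "app" / "config.ini").write_text("[db]\nhost=db01\n")
        write_manifest(root, commit="PLACEHOLDER-COMMIT-ID")
        # Someone hot-fixes a file on the box, drops in an untracked script
        # and deletes a config file, none of it going through the SCM.
        (root / "app" / "server.py").write_text("print('v1-hotfix')\n")
        (root / "app" / "debug.sh").write_text("#!/bin/sh\necho debug\n")
        (root / "app" / "config.ini").unlink()
        return detect_drift(root)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run it as a scheduled job on each production host and alert on any non-empty category; the "unexpected" bucket is usually where the undocumented hot-fixes live.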

Internet or Network

  1. Is the DCIM (data center infrastructure management) and/or IPAM (IP address management) data accurate?
  2. Does the issue or attack originate from an address on a bogon list (unallocated or reserved space) or a DROP (Don't Route Or Peer) list?
  3. Does BCP38 (ingress filtering of packets with spoofed source addresses) address the issue?
  4. Is the issue related to unnecessary services running on a system?
  5. Is there an incident coordinator? **
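The first four questions in this list can be turned into a small triage script, added here as an example (not code from the post). It checks whether the ingress interface is in the inventory at all, whether the source sits on a DROP-style or bogon list, whether a BCP38 ingress filter on that interface would have dropped the packet, and whether a host is listening on ports nobody documented. Every address list, log line and `ss` line is constructed for the demo, and the interface names, prefixes and allowed ports are assumptions.

```python
"""Triage helpers for the network checklist above. Added example, not from
the original post; all sample data is constructed.
"""
import re
from ipaddress import ip_address, ip_network

# Space that must never be a source on an Internet-facing link: RFC 1918,
# loopback, link-local, RFC 6598 shared space, benchmarking, multicast,
# reserved. The RFC 5737 documentation ranges (192.0.2/24, 198.51.100/24,
# 203.0.113/24) belong on a real bogon list too; they are left out here so
# they can stand in for public addresses in the sample data.
BOGONS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16",
    "198.18.0.0/15", "224.0.0.0/4", "240.0.0.0/4",
)]

# Constructed DROP-style feed in the usual "prefix ; reference" text layout.
DROP_TEXT = """\
; constructed sample, not a real feed
203.0.113.128/25 ; SBL-PLACEHOLDER
"""


def parse_drop(text: str) -> list:
    """Parse 'prefix ; comment' lines; comment-only and blank lines are skipped."""
    nets = []
    for line in text.splitlines():
        prefix = line.split(";", 1)[0].strip()
        if prefix:
            nets.append(ip_network(prefix))
    return nets


DROP = parse_drop(DROP_TEXT)

# Interface inventory (the IPAM question): prefixes that may legitimately
# source traffic into each interface, or None for an Internet-facing link
# where any routable address is acceptable. Names and prefixes are assumed.
INTERFACE_SOURCES = {
    "eth0": None,                              # upstream transit
    "eth1": [ip_network("198.51.100.0/24")],   # customer link
}


def in_any(addr, nets) -> bool:
    return any(addr in net for net in nets)


def classify(src: str, iface: str) -> str:
    """An explicit DROP hit is the strongest signal, bogon space next, then
    the BCP38 check against the interface's documented sources."""
    if iface not in INTERFACE_SOURCES:
        return "unknown-interface"        # inventory is wrong: fix IPAM/DCIM first
    addr = ip_address(src)
    if in_any(addr, DROP):
        return "drop-list"
    if in_any(addr, BOGONS):
        return "bogon"
    allowed = INTERFACE_SOURCES[iface]
    if allowed is not None and not in_any(addr, allowed):
        return "spoofed-per-bcp38"        # ingress filtering would have dropped it
    return "allow"


KV = re.compile(r"(\w+)=(\S+)")


def triage(lines) -> list:
    """Pull src= and in= out of firewall-style key=value log lines."""
    result = []
    for line in lines:
        fields = dict(KV.findall(line))
        result.append((fields["src"], fields["in"], classify(fields["src"], fields["in"])))
    return result


def unexpected_listeners(ss_output: str, allowed_ports) -> list:
    """Compare `ss -Hltn`-style output with the ports the service is documented
    to need; anything else is a candidate 'unnecessary service'."""
    found = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 4:
            continue
        local = cols[3]                   # Local Address:Port column
        port = int(local.rsplit(":", 1)[1])
        if port not in allowed_ports:
            found.append((local, port))
    return found


# Constructed sample data.
LOG_LINES = [
    "fw01 in=eth0 src=203.0.113.9 dst=198.51.100.10 proto=tcp dport=443",
    "fw01 in=eth0 src=203.0.113.200 dst=198.51.100.10 proto=tcp dport=443",
    "fw01 in=eth0 src=192.168.1.5 dst=198.51.100.10 proto=udp dport=53",
    "fw01 in=eth1 src=198.51.100.77 dst=203.0.113.9 proto=tcp dport=80",
    "fw01 in=eth1 src=203.0.113.9 dst=198.51.100.10 proto=tcp dport=80",
    "fw01 in=eth7 src=203.0.113.9 dst=198.51.100.10 proto=tcp dport=22",
]
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 50 [::]:6379 [::]:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""

if __name__ == "__main__":
    for row in triage(LOG_LINES):
        print(row)
    print(unexpected_listeners(SS_OUTPUT, {22, 443}))
```

The "unknown-interface" result is deliberately the first check: if the interface the traffic arrived on is not in the inventory, the bogon and BCP38 answers cannot be trusted either, which is why the accuracy of DCIM/IPAM is the first question in the list.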

Resources

  1. ** https://en.wikipedia.org/wiki/Incident_management