This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Front Range OWASP Conference 2013/Sessions/Sess4 Mgmt2

Jump to: navigation, search

Crafting a Plan for When Security Fails

A computer security incident, whether an exposed system with protected data or a hacked application, requires a planned response to quickly address and contain the threat. We exist in a world where having a plan is a necessity. Companies in various industries possess vast amounts of regulated and confidential data; this arrangement places a great amount of responsibility on the custodian. Unfortunately, in today's world, it is almost inevitable that you will be the target of an attack or mishandle data that may cause a potential exposure. Do you have a codified plan that helps guide your response?

CSIRPs are robust documents that are difficult to create. Developing a CSIRP that takes into account organizational culture and existing structure, creates buy-in from various departments, and is applicable in a wide array of emerging and existing threats while balancing substance and brevity may be a herculean task.

This presentation will provide the basis for the need for a CSIRP, discuss pitfalls and strategies when crafting CSIRPs, explore common ways they fail, and offer tips to create a healthy, viable, and useful process to use when confronting a computer security incident.

This presentation is geared towards those wishing to learn more about creating a viable computer security incident response plan (CSIRP).

Slides Video

Robert Lelewski

Robert Lelewski is an Engagement Lead for IBM's Emergency Response Service and is the lead of IBM's Computer Security and Incident Response Plan (CSIRP) offering. He has worked on numerous cases involving the topics of intellectual property theft, malware analysis, embezzlement, child pornography, and other issues. He has testified before state and federal courts and has been endorsed as an expert on computer forensics.

Robert holds a Bachelor degree in Economic Crime Investigation from Syracuse University, a Masters degree in Technology Management and a certificate in Research and Development Management from the University of Denver, and is currently pursuing a Masters of Business Administration from the University of Northern Iowa. Additionally, Robert holds several computer forensic and security related certifications including the EnCE, ACE, CCE, CISSP, CISA, CISM, Security+, and CASP.

Robert Lelewski