Data Breach Preparation and Response by Kevvie Fowler

Author: Kevvie Fowler
Language: eng
Format: epub
Publisher: Elsevier Inc.
Published: 2016-06-08


Executing Your Plan and Following the Facts

A statement I like to use is “people lie, data doesn’t.” Some of the statements taken during interviews conducted at the early stage of the investigation may not match the data. There are two reasons for such discrepancies: innocent mistakes and deceit. Innocent mistakes happen when people unaccustomed to high-pressure situations such as an incident response are pressed for answers they may not have or fully understand, coupled with the fact that senior management is very likely looking to them for answers (and likely for someone to blame). These misstatements are not an intentional effort to deceive, but rather attempts to cover for an incomplete understanding of the situation or to embellish that individual’s perceived level of technical competence (remember, their job may very well be at stake). So when this happens (and it will), don’t be surprised and don’t take offense. They are just people who are scared and are trying to do their best in the middle of a terrible situation.

Incident response investigations are stressful events. Our team regularly tells our customers, “your worst day is our every day.” Being an experienced responder means that you will eventually become comfortable in these types of high-stress situations, and may even find you enjoy and thrive in them. Don’t make the mistake of thinking that the victims you are working with share your level of comfort. Use your experience to become the voice of calm and reason that brings sanity to an otherwise insane situation.

The other reason for a misstatement, as I have indicated, is an intentional effort to deceive. In my experience, the reason for these situations is that the individual feels threatened by the situation in that their façade of professional and technical competence is going to be destroyed. Like other animals, when human beings are backed into a corner and feel threatened, they will take whatever steps they deem necessary for self-preservation. During an incident response investigation, that means doing whatever they have to do to ensure that the blame for the situation does not fall on them. Whatever the circumstances may be, if you have reason to believe an insider within the victim organization is being intentionally deceptive, legal counsel should be notified immediately.

In either situation, the best way to address the problem is by being direct: ask a lot of direct questions, take copious notes, and conduct follow-up interviews or send summary emails. Let the interviewee know that you appreciate their time and insight into the situation, and that since their statement will become part of the investigation report you want to make sure you have all the facts correct (ergo the reason for the follow-ups). When people know that what they are saying is going to be written down, and will become part of an “official report” (whether that’s true or not), they are less likely to lie or embellish. Those who insist on maintaining their “throne of lies” will eventually be found out during the investigation.


