The most important aspect of handling threat or risk is time. It will take time and considerable resources to track the threat down. One of the problems with this time factor is executives who operate in their own dimension. If they are getting beat up by the stakeholders they are going to want answers and results NOW. If your explanation is, it’s going to take time; you might be looking for a new job. The best approach when dealing with executives and their dementia is to feed them real and usable information to keep the heat off.
For example, if you put some status presentation together outlining the process used to capture all traffic off the core switch SPAN port and that you installed a removable media monitoring solution on all clients, you will either get a deer in the headlights look or have teeth marks in your rear end. This is the problem with tech folks and executives, failure to communicate. Since the executives run the business and sign the checks, guess who needs to learn the others language?
One of the most difficult tasks for tech savvy employees to overcome is writing or creating outside technical boundaries. Think about it this way. How is capturing traffic off a SPAN port going to help someone explain progress or satisfy stakeholders? It is focusing the effort through administrative clandestine operations to identify malicious or criminal activity. See, an executive can run with that statement way more than “We plugged a Niksun into our SPAN port, captured all traffic, rebuilt TCP/IP sessions, and are using filters to identify activity outside our baseline.” You also accomplish another mission by keeping it high level and “gray”. Executives are notorious for inadvertently leaking information. You need to keep your security analysis methods classified and on a need to know basis. Unless an executive wants to know exactly what you are doing, just give them enough high level information to keep them happy.
IT types get too wrapped up in details. Executives don’t care about details, especially technical details. They speak in generalities and commit to nothing just like politicians, and this is no coincidence. The more details provided, the more pigeon holed they feel and that is never good. Remember teeth marks.
