Thursday, February 28, 2008

Becoming a better incident handler

On occasion I find myself poking around the net in search of military doctrine or other military papers. People certainly quote Sun Tzu constantly, mainly since the quotes sound so clever. Of course these quotes come directly from "The Art of War", which is why I like the military doctrine stuff. The items the military publishes aren't trying to mystify or be clever but to turn the "Art" into "Science".
I submit that achieving a science of information security, specifically event handling and response, is what the entire community should strive towards.
This involves training, experience, developing methodologies, confidence in oneself, leadership and hardcore skills. These things do not come quickly.
For a good while now I have reflected on Bloom's cognitive domains taxonomy to rate the training and general skillset. (Can you tell my wife is a teacher?) I still need to internalize those verbs to be able to significantly push boundaries. By this, I submit that asking questions such as "What happened? What worked? What didn't work?" during debriefs of events is not nearly as effective as asking "How would you classify the event? Do you agree with X? Further break down the implications of X," etc.
But the other day John Robb posted an intriguing synopsis of current events. In that post he referenced the OODA loop, which I was completely unfamiliar with. I like how it breaks down the decision process, and I believe that understanding this feedback loop can have an even higher impact as an incident handler.
Additionally, Chet Richards has an excellent PowerPoint on the OODA loop.
