Hey, just wanted to know: does LTT have any BCM/DR/IR policies?
I work in the public sector as a Cybersecurity Auditor; part of my job is assessing Business Continuity Management, Disaster Recovery, and Incident Response plans and providing regulatory recommendations when I find areas of improvement. I was quite stressed out just listening to the WAN show yesterday, hearing Linus and Luke talk about the events that took place.
To me it sounded incredibly disorganized from my perspective. Thinking about it, in the event of a cybersecurity incident is it really best practice to have an angry naked Linus try to just figure it out? I mean, typically the incident response team will wear clothes. I heard at one point Luke tried to call Dan super early in the morning. Was that because you guys have a call tree in policy that was supposed to alert Dan? What if it was absolutely imperative Dan needed to be reached, do you guys have alternative contact information in IR policy? For this incident specifically, does LTT perform Phishing Testing/Training on users? I was also listening and heard some changes going on related to IAM; I would have questions related to that too. What if this was an environmental, economical, or political/hacktivism issue, does LTT have contingency plans to deal with those? Procedures for alerting your stakeholders including the public, does LTT have those in place? When listening to the WAN show it sounded like areas of BCM/DR/IR were addressed during the issue instead of getting your ducks in a row prior to this all going down.
I don't expect answers to these questions, it shouldn't be public information for LTT's own protection.
TLDR: Does LTT have BCM/DR/IR policies to help address incidents?