The Christmas 2009 incident, when a bomber attempted to detonate explosives sewn into his undergarments while in the passenger cabin of a commercial airliner, could have resulted in a horrific catastrophe. Although nearly tragic, it is another example of how security-savvy people were quick to respond and interrupt the attack. The media has focused on how the device malfunctioned, but paid little tribute to those passengers who rose up, acted quickly, and subdued the assailant. Given that his primary plan had failed, he likely would not have stopped in his mission to do great harm. The passengers essentially stopped his ‘Plan B’ and deserve credit.
Americans will never again be subdued the way they were on aircraft during the infamous 9/11 attacks. We have learned a very important lesson. Responding aggressively to assure security in the face of an incident is imperative. Security-knowledgeable people will remain aware and act quickly when situations arise that require intervention to restore security.
These lessons translate well to the information security realm:
2. Rapid and aggressive response is important to reduce loss and restore the environment to an acceptable level of risk.
3. We as administrators and users must continually learn, adapt, and evolve in response to security risks. The attackers continuously adapt; we must too.
What security lessons have you learned recently?