My favorite graduate course in the Norwich University Master of Science in Information Assurance Program is the "Computer Security Incident Response Team Management" graduate seminar which I developed some years ago based in part on an extensive series of articles on the subject that appeared here in the Network World Security Strategies and that I collected for readers in a single document freely available on my Web site along with a free companion CD-ROM from the Defense Information Systems Agency on the subject.

In 2008, I was blessed with five excellent students who not only wrote their weekly essays well but also participate enthusiastically in the weekly discussions (we have three or occasionally four topics for them to use in sharing insights and experiences) and in Week 9 of the 11-week course, one of the questions was as follows:

"Postmortems are conducted in many other fields – well, for example, as autopsies! But perhaps some of you have actually participated in non-CSIRT teams where a postmortem was standard operating procedure. Examples might include, say, a sports team, any kind of problem-solving team, a marketing group looking at an advertising campaign, a group of professors evaluating a new course, and a group of detectives or attorneys looking at how an investigation or a courtroom proceeding turned out. Please share interesting experiences of this kind with your classmates and see if any of your insights can be constructively applied to CSIRT management."

In collaboration with my students, I am publishing a lightly-edited summary of their discussion in this column and the next in the hope that readers of the series will enjoy their comments as much as I did.

* * *

Tikuo Chen wrote, "When I was back in California, I belonged to a very well run Cub Scout organization which routinely used post-mortem like analysis to figure out how to make pack activities more enjoyable for the scouts and their families. Just over two years ago, after a couple of the den leaders shared concerns during one of the pack planning meeting about how some dads were becoming a bit too hands-on in managing their scout's pinewood derby cars, we undertook a concerted effort to figure out how we could put the focus back on the scouts. …[W]e decided to create more hands-on opportunities for the scouts. Instead of just one main event where the scouts essentially place their cars on a gravity track and watch the cars run, we added two more equally prestigious events (e.g. top performers earned the same trophies, but there was a one-trophy per person limit). 

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services. CV online.