Knowing how to react is everything

By

I have always emphasised the importance of visibility and forward thinking in enterprise security. However, in my experience, incident management is the most important, yet least well-executed, skill in all organisations.

It's a subject that's rising up the management agenda. It has its own chapter in the latest version of ISO/IEC 17799. And it's crucial to get it right in any business environment that faces immediate threats from both technical attacks and physical ones such as terrorism and bird flu.

Knowing how to react is everything

And we're now entering the critical convergence period, when several trends combine to produce a step change in our security risk profiles. A time when we might actually experience the "electronic Pearl Harbor".

And we are not well prepared. No one manages a crisis perfectly, although some do better than others. On a scale of ten, I've never seen an organisation get beyond three or four. That's because it's an exceedingly difficult skill to master. It's not understood, taught or practiced anywhere near well enough.

Start by asking whether you can distinguish between an event, an incident, a disaster, an emergency and a crisis; and between emergency response, business continuity and crisis management. Three very different, but complementary, skills that need to be executed by different people at different levels and skills and focusing on different deliverables.

At the frontline, you need teams of practical, hands-on experts who can quickly restore a failed service. Behind the scenes, you need diplomatic business managers to implement creative contingency plans for customers.

And at the top, you need a strategic crisis team to think ahead and safeguard key intellectual assets such as reputation and market capitalisation, as well as managing the reaction of shareholders, regulators, citizens and media.

Even assuming you have all the right structures in place, you then have the formidable task of coordinating the actions of an extended-enterprise value chain of business units in different locations, with separate reporting lines and varying levels of empowerment.

So it is not surprising that the processes and skills to manage a serious incident are thin on the ground.

It's a challenge. You need to be creative, challenging, objective, strategic and decisive. You must forget your day job and assume a different role. You must gain the trust and authority of the business.

It is crucial to take precise notes, manage numerous actions, brief your management, and yet be open for emergency communications at all times.

It is a thankless, demanding task. But if you can respond well, your organisation will be admired, while if you respond badly, your share options will be worthless.

Two very good reasons to try your best to get this right.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?