A Journey in Organizational Resilience: Crisis Management


So far in this organizational resilience journey, we have focused mainly on the planning phase, or, as some call it, ‘left of the boom’. For a moment, let’s look at a ‘right of the boom’ (post-incident) theme: crisis management (CM), an important component of your cyber resilience planning.


A good CM plan will be part of a larger governance cybersecurity framework (a topic that we look at in the next piece) and has an emphasis on a vital attribute: communications. Carrying out a CM plan requires knowing roles and responsibilities, when to escalate, when to act, and what (and what not!) to say.


How Cyber Resilience Is Like a Movie


Imagine an incident or cyber resilience crisis to be like a movie. First, you are introduced to the characters (roles). Then you come to understand how they interact (responsibilities). Next you watch them respond to an incident (escalation). And finally, you see what they actually do about it (act).


In your typical CM plan, your cast of characters will include your security operations center analysts, incident response (IR) team members, supervisors, the chief information security officer, the C-suite, the board, general counsel, communications staff and even external partners (think public relations firm, external counsel, external IR consultants, third-party vendors, law enforcement and even news agencies). All these characters have a role to play.


Let’s go back for a moment to the governance issue. If you are running in a disparate manner, the phase after the incident will feel like chaos whil ..