It’s Friday morning. A hot cup of coffee sits on your desk as you settle in and prepare for the day. Just as you raise the cup to take a drink, you receive a system alert. The organization’s website is down. Then, another alert. Another critical system is not responding. You calmly take a sip of your coffee. Responding to a major incident or crisis is never a scheduled event, but you know your team is prepared.
Your organization has a Crisis Management Plan in place that staff and stakeholders have practiced and improved over time. You know that humans are more likely to make mistakes and not perform at their peak level during a crisis, so you’ve made decisions and created a plan ahead of time to prepare.
The Plan answers the “Top 3 Things”: Who, What/When, and How of response actions at the organization and brings order to unexpected events.
1.) You know Who. You have assigned, documented, and clearly communicated response roles to all involved. Incident Response Team members with a role in every incident have been assembled and additional members that may take a role in specific incidents have been identified. To ensure everyone understands what actions are required of them during an incident, a responsibility assignment matrix, or RAM, was developed. The RACI matrix, which stands for Responsible, Accountable, Consulted, and Informed, is a commonly used RAM. It is used to establish clear responsibility for performing tasks related to response and provides a visual for quick reference during an incident. The exercise of developing the matrix allowed your organization to identify additional stakeholders impacted who, at minimum, need to be informed at major milestones. By documenting responsibilities your organization has ensured the appropriate stakeholders are both consulted and informed at appropriate times.
2.) You know What/When. You have documented steps of your response by developing flowcharts. The visual format of flowcharts allows staff to determine critical decision points during an incident and recognize missing information when preparing response. And the RAM you prepared? Each step in the flowchart is clearly assigned and includes steps and responsibilities identified in matrix. Decision points in the charts also include specific responses in case protected data, such as payment card data or personal health information is involved. Communications to internal and external stakeholders have been considered and are included in key points of the plan.
3.) You know How. Your team has resources in place to allow them to focus on response. Templates for documenting the response and for communicating to stakeholders are in place. These resources are available to limit the number of decisions the Incident Response Team needs to make in the spur of the moment. The exercise of preparing communication strategies and templates provides opportunity to identify additional stakeholders, both internal and external, that should be included. Of course, the appropriate spokesperson was designated and recorded in the RAM.
Bonus Tip: You’ve Practiced. Practice makes perfect but responding to an actual crisis is the kind of practice most of us would prefer to avoid. Going through the process builds confidence in response staff, helps identify missing steps in the Plan, and allows for adjustments as processes change. Your team practices the plan at least once annually looking for ways to enhance the plan and improve future responses.
Planning ahead makes all the difference in the effectiveness of response, especially when the pressure is on. CampusGuard is here for you to plan and prepare. Whether it’s a Tabletop Exercise, Security Awareness Online Training, or many other cybersecurity services. Contact us today!
