Key ingredients to proper incident management
- JS Gervais
- Apr 3
Today we want to share some of the lessons from the trenches that we learned over the years and that influenced the creation and development of Breach Commander.
From our experience leading incident response engagements across high-pressure, highly regulated environments over the past 20 years (military, legal, financial, insurance, healthcare, and others), we believe that effective and proper incident management requires 3 key non-negotiable ingredients.
3 key ingredients for effective incident management
- Enablement from top management
  - The ability and confidence to support decisions made in difficult and ambiguous moments
  - Managerial courage to apply contingency procedures without much hesitation
  - Clear judgment to separate “urgent” from “important”
- Dedicated incident managers
  - Trained, rested, ready and dedicated: not merely wearing an ad-hoc duty hat
  - Empowered with real authority to act and delegate
  - With deep knowledge of business operations and sufficient cyber literacy to understand impact, risk, and dependencies
- Manic human communication and collaboration
  - Internally: to ensure maximum mobilization
  - Externally: to maintain trust with clients, partners, regulators, and other stakeholders
And we’re not reinventing the wheel with this model.
Let’s consider 2 real-world analogies we can all relate to in some way:
- The Emergency Room
  - Staffed 24/7/365 by dedicated and trained specialists
  - Critical cases and mass casualty events trigger response protocols with all-hands-on-deck mobilization
  - Every second counts, and the entire focus is on saving lives at any cost
  - Other units are informed, priorities are adjusted, and less urgent expectations are managed
- Firefighting
  - A lot of the work is done outside the fire scene
  - Teams train, stay ready, maintain their gear and tools, and rest (sometimes), so they are always prepared
  - When the incident happens, decisions are made quickly and actions are deliberate
  - No one waits for permission to hammer down a door to save a life on the other side (though they may try to turn the handle first or quickly look for a less expensive door nearby)
If we think this through, that is why the most mature and regulated organizations typically maximize their preparedness with:
- A Business Continuity Plan (BCP)
- A Disaster Recovery Plan (DRP)
- An Incident Response Plan (IRP)
- A clear and communicated RACI matrix (Roles and Responsibilities)
These provide a shared understanding of duties and decision paths, so that people don’t have to figure everything out on the fly in the middle of a less-than-ideal situation.
And still, even with the best plan in hand, surprises and unknowns always find a way to show up and crash the party. An opportunistic quote from a famous boxer offers an almost perfect summary:
“Everybody has a plan, until they get punched in the face.” -Mike Tyson
Which brings us back to the importance of the 3 main ingredients above, for a solid and dynamic approach to incident management in the face of uncertainty and chaos.
Breach Commander was created with all that in mind, so that you can focus on managing the incident rather than managing the management of the incident.
Visit breachcommander.com and see how it bakes the recipe with those key ingredients.