Saturday, September 28, 2019

Never Waste A Good Cyber Emergency


It has finally happened. Some sort of cyber emergency. In your organization. Perhaps an emergency happening right now to someone that is reading this post.


The wise security practitioner will have already prepared their executive team for the eventuality of a large incident that pushes the limits of the team to contain.  No matter the level of your cyber maturity, you’ve been doing all of the right things.  Educating execs about your program. Clearly articulating your focus areas and gaps. Training the team. Your program is chugging forward. And then the emergency occurs.

It happens every day. All of us are due to have a really bad day at some point.  


That said, emergencies can be approached in two ways. 

One way is as a negative to be dealt with before returning back to normal day-to-day activities. The emergency interrupts whatever is being done followed by a flurry of disruptive activity. And then, a return to the daily grind.

Another is to use the emergency as a positive. A way that can confirm your program’s narrative.

Making any emergency a opportunistic part of your program’s continuous improvement process.

Capture areas for improvements your existing process and resources 

Identify newly implemented or recent changes that either didn’t result in the expected outcomes or only achieved parts of the desired outcomes.

Confirm capabilities that are high priority but remain unresourced. 

Ensure partner teams are responding in line with any commitments (formal or otherwise).

Since every emergency brings attention, you’ll want to leverage the information that you’ve learned above to get something. 

Every. Time.

New areas for improvement.
Ways to tweak the recent investment
Get more resources.
Gain a new commitment or updated SLA from a partner team. 

Something meaningful that improves your response, applies more capability, closes your gaps.

Making your organization at least a little more secure.

Every. Time. 

Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1. Or, start your own discussion using #crazygoodcyberteams on twitter or Linkedin and I'll read it.

SEE ALSO




No comments:

Post a Comment