Chapter 10 - Crisis Management

Summary

As we’ve seen repeatedly, and even more glaringly in light of recent events, every company needs to plan for how it would respond to a major cyber event. No matter how strong your defensive posture is, any company targeted by a sophisticated and patient attacker can be compromised. A robust response capability is essential to containing the damage and minimizing business disruption. The key to response is having a real plan that is exercised, tested, refined, and kept current. The time for developing the plan is not when the crisis hits! This chapter outlined nine key questions that companies should consider in formulating their plan for responding to a significant cyber crisis. The key elements are clear delineation of responsibilities, a decision-making process, an escalation framework, and crisis communications. Ultimately, the old saying is true: prior preparation prevents poor performance!

Key Ideas
  • Having an incident response plan will allow an organization to respond more quickly and more efficiently to a cyber crisis.

  • Periodically rehearsing and pressure testing the incident response plan will increase response efficiency and reduce cost.

  • Establish relationships with law enforcement agencies, external subject matter experts in forensics and crisis communications, and regulatory organizations early and work to maintain those relationships so that they can be effectively utilized in a crisis.

  • Track and document actions taken during a crisis in order to be able to conduct an After-Action Review to enhance continuous improvement.

  • The faster an organization can detect and respond to a crisis, the better off it will be.

Gary McAlum, Chief Security Officer, USAA

Gary McAlum is the Senior Vice President and Chief Security Officer at USAA. Prior to USAA, he served in the US Air Force for 25 years in a variety of staff and leadership positions within the information technology career field including telecommunications, deployable and satellite communications, network operations, and information security and with the front line of cyberspace operations for the Department of Defense. He holds a bachelor’s degree in Mathematics from The Citadel, a master’s degree in Management Information Systems from the University of Arizona, and a master’s degree in national resource strategy from the Industrial College of the Armed Forces. In addition, he is a Certified Information Systems Security Professional (CISSP) and a Certified Fraud Examiner (CFE).