Chapter 10 - Crisis Management


As we’ve seen repeatedly, and even more glaringly in light of recent events, every company needs to plan for how it would respond to a major cyber event. No matter how strong your defensive posture is, any company targeted by a sophisticated and patient attacker can be compromised. A robust response capability is essential to containing the damage and ensuring business disruption is minimized. The key to response is having a real plan that is exercised, tested, refined, and kept current. The time for developing the plan is not when the crisis hits! This chapter outlined nine key questions that companies should consider in formulating their plan on how to respond to a significant cyber crisis. The key elements are clear delineation of responsibilities, a decision-making process, an escalation framework, and crisis communications. Ultimately, the old saying is true—prior preparation prevents poor performance!

Key Ideas
  • Having an incident response plan will allow an organization to respond more quickly and more efficiently to a cyber crisis.

  • Periodically rehearsing and pressure testing the incident response plan will increase response efficiency and reduce cost.

  • Establish relationships with law enforcement agencies, external subject matter experts in forensics and crisis communications, and regulatory organizations early and work to maintain those relationships so that they can be effectively utilized in a crisis.

  • Track and document actions taken during a crisis in order to be able to conduct an After-Action Review to enhance continuous improvement.

  • The faster an organization can detect and respond to a crisis, the better off it will be.
