Security operations vary from company to company. How they and the supporting architecture are configured and resourced depends on their organization’s culture, industry, size and risk tolerance.
It’s up to each security team to decide whether the control and access to critical information are centralized, decentralized, or somewhere in between. However, there are certain best practices crisis leaders should consider when approaching and using the real-time information they have in order to effectively manage risks.
To that end, here is a question-based checklist that you can use to address specific areas of risk. It applies to mature and sizable security teams, as well as those that are nascent and/or small. You’ll find that the questions are designed to prompt thought and discussion as much as they are to identify gaps and areas for improvement.
Do your security operations manage emerging risk across its ecosystem?
- Do you have a clear idea of where your customers, people and assets are at any given time? And is your technology stack suitably configured to track their proximity to emerging risks?
- Can you identify emerging risks at the earliest opportunity and map them to your enterprise risk?
- Do you have suitable people, processes and technology in place to take advantage of real-time information that allows you to mitigate risk at the earliest opportunity?
- Do you have a means of identifying and staying abreast of risks in real time and as they unfold? If not, are you and your organization comfortable with the risk inherent in not having a means for doing so, including how to recover and continue business as usual?
- As security teams are often the first to be aware of emerging physical risks, do you have a process in place for when and how to communicate those risks and which parties within your organization should receive the information?
It is the eventualities that haven’t been considered or planned for that will likely stress an organization the most. Success requires you to establish clear priorities, create an instinctive purpose and mutual understanding between leaders and teams, and strive to be efficient and effective even during the most routine days.
How do you operationalize risk information and intelligence?
- Do you have suitable operating procedures and tracking methods in place to ensure the right people are aware of emerging risks and are equipped to deal with them?
- What are your business’ critical information requirements? And how do you map incoming data to those requirements?
- Does your team understand the difference between information and intelligence, and what to do with both? What needs to happen to information in order to turn it into intelligence? Who is responsible for the task?
There can be a fundamental misunderstanding of the difference between information and intelligence. To turn information and data feeds into intelligence, you need to understand and apply the business-related context. This is a critical step in turning relevant information into actionable intelligence.
An intelligence collection plan should be dynamic, rather than static, and supported by real-time information. For example, if you want to have early warnings of any emerging risks to your global real estate, you’ll need real-time information alerts on specific and well-defined real estate criteria. You can then determine how to turn that real-time information into actionable decisions that support intelligence.
How do you communicate security risks across the enterprise?
- Are people who need to take action fully informed with the latest and most granular information?
- Have those who need to be aware of risks, but might not have to take action, been informed about how to react?
- When there are high-profile events, do you have a process in place to manage multiple stakeholders—especially when not all have access to the same information—in a way that ensures doing so doesn’t require more effort than is needed to manage the actual event?
When security leaders step into crisis leader mode, they often want to have all the answers before communicating the risk. While time and space are crucial to sound decision making, in times of crisis, providing a “good enough” answer is preferable to a perfect answer. The information you think of as incomplete will help you address the risk as early as possible.
Learn how organizations like yours use Dataminr Pulse to stay ahead of and mitigate risks in order to safeguard both their people and assets.
