Security operations vary from company to company. How they and the supporting architecture are configured and resourced depends on their organization’s culture, industry, size and risk tolerance.
It’s up to each security team to decide whether the control and access to critical information are centralized, decentralized, or somewhere in between. However, there are certain best practices crisis leaders should consider when approaching and using the real-time information they have in order to effectively manage risks.
To that end, here is a question-based checklist that you can use to address specific areas of risk. It applies to mature and sizable security teams, as well as those that are nascent and/or small. You’ll find that the questions are designed to prompt thought and discussion as much as they are to identify gaps and areas for improvement.
Do your security operations manage emerging risk across its ecosystem?
It is the eventualities that haven’t been considered or planned for that will likely stress an organization the most. Success requires you to establish clear priorities, create an instinctive purpose and mutual understanding between leaders and teams, and strive to be efficient and effective even during the most routine days.
How do you operationalize risk information and intelligence?
There can be a fundamental misunderstanding of the difference between information and intelligence. To turn information and data feeds into intelligence, you need to understand and apply the business-related context. This is a critical step in turning relevant information into actionable intelligence.
An intelligence collection plan should be dynamic, rather than static, and supported by real-time information. For example, if you want to have early warnings of any emerging risks to your global real estate, you’ll need real-time information alerts on specific and well-defined real estate criteria. You can then determine how to turn that real-time information into actionable decisions that support intelligence.
How do you communicate security risks across the enterprise?
When security leaders step into crisis leader mode, they often want to have all the answers before communicating the risk. While time and space are crucial to sound decision making, in times of crisis, providing a “good enough” answer is preferable to a perfect answer. The information you think of as incomplete will help you address the risk as early as possible.
Learn how organizations like yours use Dataminr Pulse to stay ahead of and mitigate risks in order to safeguard both their people and assets.
Al Bowman is an Enterprise Account Manager at Dataminr. Before joining Dataminr, he designed, built and led Deloitte’s Intelligence Services Center in London. Prior to that, he served in the British Army, where his final role was as the Director of the Army’s global risk and intelligence center.