With the right approach to incident management, organizations can achieve the agility and resilience they need to best prepare for and withstand disruption.
A senior executive is traveling from New York to Paris to attend a conference. A power outage disrupts a manufacturer’s operations. A cyber attack exposes a retailer’s confidential customer data. These are just a few examples of the myriad risks and events enterprises face in today’s complex threat landscape. Whether the event is a minor incident, a massive crisis or something in between, organizations without an effective incident management strategy are at risk of business disruption, which can impact their people and assets.
Here, we outline five best practices for incident management that are vital in ensuring organizations can prevent, mitigate and quickly recover from risks and events.
This step is critical. When businesses proactively plan for risks and events, they are better prepared to manage incidents and take action. Response and recovery times are greatly improved because “the how and what to do,” if and when an incident occurs, have already been defined and agreed upon.
That requires organizations to develop two key planning components: 1) an incident management framework and 2) an incident response plan. While inextricably linked, there is a distinction between the two. Frameworks outline how to best structure incident response operations, while response plans outline steps to take in the event of an incident. Organizations need to have both as incident management frameworks provide the what and incident response plans provide the how.
Organizations should ensure both their framework and response plan take into account all types of risks, both known and unknown.
These are the risks and events you know are going to happen, or have a high probability of happening. Some you know of because your organization has planned them; others are known because they’re an annual or frequent occurrence. For example:
There will always be unknown risks and unforeseen events with which to contend, but that doesn’t preclude organizations from anticipating and planning for them. Oftentimes, organizations have an inkling as to what could be a potential risk or what type of event might disrupt business operations. For example:
Now that you’ve identified known and unknown risks, and created a framework and plan for how to address them, be sure that you have the talent and tools in place to detect potential threats. Planning—no matter how comprehensive and extensive—can become futile if you’re not able to do so.
The challenge is how to uncover threats in the time needed, and then quickly determine the potential impact on people, assets, locations and business operations. Leading security operations teams recognize this and, as such, embed the following into their security workflows:
Effective collaboration is critical in incident management. Make sure you and your team prioritize communication and transparency, and are able to efficiently coordinate response protocols and critical information flows before, during and after an incident.
“Many of the organizations we work with find that using a centralized tool—where collaboration can occur quickly and efficiently—improves their ability to make operational and strategic decisions that protect their employees, business and brand,” said Rob Crowley, Dataminr Senior Director of Strategic Product.
Here, ease of use is crucial. Look for solutions that help you to:
After an incident, it’s vital to understand how you performed—it helps determine the root cause and helps you to continuously optimize your playbooks and security workflow(s).
Employ tools that record minute-by-minute activity logs so you can get a full picture of how well an incident was managed, study the do’s and don’ts that emerge, and share analyses with key stakeholders so that you’re more prepared for the next potential risk. This includes identifying which types of incidents are most frequent, or which of your locations are most at risk, to support smart resource allocation and continuous planning.
The National Institute of Standards and Technology’s (NIST) incident response framework includes key questions that you should ask yourself during the post-incident evaluation:
Organizations that have a strong, well-communicated and understood risk culture—one that includes all employees, across all levels and roles—are more likely to have successful incident management programs and practices.
Here are five ways to promote and improve your business’ risk culture, according to RiskOptics:
While each organization may approach incident management differently to best meet their needs, the five best practices outlined above—when successfully implemented—will help enhance their existing security workflow and improve security posture. The result: enterprises can better mitigate risks and disruptions, strengthening their overall business resilience.