Incident response - practice makes ready

It might surprise you to learn that I had no interest in security, computers or IT until I was well into my twenties. In fact I wanted to be a pilot in the RAF but failed the application process and joined the forces out of sheer stubborness anyway. My first posting after training as an assistant air traffic controller was to a fighter base – RAF Wattisham – in Suffolk. I learnt a fair bit about risk during my time there. Rule number one was to never assume anything. Fast jets move…er…fast! Take your eyes off them for a moment while they’re flying around the airfield and you’ll quickly lose track of what’s going on.

Safety processes were critical and drummed in through continual training. In the event of an incident the requirement was to be able to respond instantly and instinctively. These days, incident response at work is rather less likely to be dealing with potentially fatal consequences however, I still maintain that it’s important to have IR processes regularly reviewed and practiced. It’s the same reason as why they always tell you to read the flight safety card on an aeroplane. Having just read the card means that you will respond faster in an emergency because you’ll mentally plan the actions you’ll need to take.

So too with incident response plans at work. If you don’t review and practice them then no-one will know what to do, or who to call. Of course, I’m preaching to the choir here because you all regularly review your IR procedures. Don’t you? Actually, when was the last time that you did?

My advice is not to make the plan too specific to any expected incident, keep it short and simple, and focus first on resolution and cause rather than the actual event trigger. My document focuses on incident identification and communications. Handling an incident and, more importantly, recovering, requires a clearly defined and strict chain of command.

My RAF days are a long way behind but I meet a lot of people in the security business who are also ex forces. Only last week I was introduced to another industry ex-forces person as being an ex-officer. I quickly corrected the guilty party. I enlisted and worked for my living!

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close