3 main things to consider when an incident occurs

By Jesper Erbs, Systems Engineer, Conscia

Incident response

What happens if the IT heart attack button is pressed? Do the IT personnel know what to do? Do your coworkers outside the IT organization know what to do?

I recently spent a couple of days in the hospital while my wife and newborn son were recovering from a c-section.

During our stay, I spent some time looking for minor suggestions that the hospital was prepared for handling crisis situations. I noticed there was a heart attack button in every room, and at one point, when we were visited by a nurse in our room, an alarm went off. The nurse simply stated in a calm manner ‘I will be right back’. She got up and went to the door of our room and exited quietly. Once the door was closed, I could hear her run towards the blaring alarm.

As an IT professional, I couldn’t help reflecting on the similarities between handling a medical incident and an IT incident. The first question that comes to my mind is: what happens in your IT organization when a critical IT incident occurs? Do you have a heart attack button?

If the answer to the above is yes, have you ever tested your heart attack button (…incident response)? What happens if the IT heart attack button is pressed? Do the IT personnel know what to do? Do your coworkers outside the IT organization know what to do?

Get your incident response plans out and test them. For most IT organizations, small or large, it is a good break away from the normal day-to-day projects and maintenance. If you don’t have an incident response plan, create one or ask a partner to help you create one that fits your business.

You might think: how do we test for a new type of attack? Or an unexpected event?

Start by figuring out what to do in the event of an incident. The nurse in our room didn’t know if she was running towards a heart attack or a kid that pressed the heart attack button at random. She knew what to do when the alarm went off: she had to run towards the alarm, and she knew what gear to bring in case she was running towards a heart attack.

Here are a few examples to get you started:

  • Where do you meet up in case of an incident? In a meeting room or in an online meeting?
  • Who arranges the meeting, and what happens if the person who arranges the meeting is unavailable?
  • Who should meet up? Is it the same people for different IT systems?
  • Which leaders/decision-makers do you need in the room? Do you have the financial backing to shut down an entire office with 100 workers, for example? Or do you have the CXO on speed dial?
  • Do you have systems where you depend on externals? Is there an SLA to bring them in?

Once you have tested your incident response, reflect on what went right, what could be improved and update your plans accordingly. In a critical incident, like a heart attack, every second counts. Ask the people involved to give feedback as well. What could have improved the reaction to an incident?

But most importantly, start by considering:

  1. Do we have an IT heart attack button? And if we do, what happens if someone presses the button?
  2. Do the right people know what to do?
  3. Do our co-workers know where the button is, or is it hidden in the dark corner of the intranet along with the incident response plans?
