By Martin Welsh and Keith Taylor
Too often information security incident response plans, disaster recovery and business continuity plans are not aligned with the overall corporate crisis management process. Now, more than ever, an organization must be able to quickly respond to a security breach, both from a tactical response and via a strategic corporate message. In this article we will discuss the benefits of, and offer an approach to, integrating the security response process into the overall corporate crisis management plan.
Similar efforts go into building, managing, exercising and maintaining both security incident response plans and overall corporate crisis management plans. For most organizations the escalation, notification and decision making process is similar, regardless of the incident. The struggles organizations encounter, while developing these plans, also tend to be similar. Building awareness, understanding roles and responsibilities, allocating time and resources (financial and human), can all be impediments to sound response plans.
Better plans can be developed by overcoming these shortcomings through integration.