When a computer incident occurs, it takes time to organize a team to respond to the need that has just been created.
So it is obvious that a team must be ready and well prepared before the incident even occurs. This will have the merit of not only reducing the consequences but several advantages to be related to them.
This article will also interest you: The safety of biomedical equipment in the face of the problem of certification
"Incident response is an essential but potentially sensitive thing. It is important to plan, to establish the roles and responsibilities of each, to decide how and when crisis communication should be initiated, and to consider whether to call on outsiders – legal advisors, local authorities, and digital investigation specialists.
Some practical steps can be taken to ensure that there is an adequate team and response plan that involves the right stakeholders, including external stakeholders. Given all the things that need to be addressed, team building is one of the first things to deal with: the people needed, the people available, and the best way to hold them accountable. says Ed Moyle of SecurityCurve.
In practice we it's worth that computer incident of several skills. In this area as in another, it is very difficult to intervene alone and be effective. Ed Moyle means: "No individual or functional domain can carry this alone. There are two reasons for this. First, the team must be empowered to take action – file a complaint, inform partners and the media, interrupt technical services, but also incur exceptional expenses for external specialists, for example. This requires the stakeholders who contribute to these decisions and the decision-makers who will influence them. It is important to involve these people early on or to be able to mobilize them quickly. ».
Let's note one thing that is very important about computer incidents. It's hard to predict that it's impossible. And each its computer has its own peculiarity. This makes it difficult to determine in advance what skill will be needed to resolve it. This explains the importance of having a team with several skills. However having a staff with skills to nothing is not enough. They should be organized. Prepare them and find a way to reach them in advance. "In practice, it's almost always good to start with a small, agile group as a core team. This group represents those directly responsible for managing the incident as it develops. A small team can be more agile and react more quickly than a large, cumbersome committee: they can make decisions and communicate updates quickly, while a larger group takes longer to gather resources and get everyone in tune.
It may therefore make sense to keep a small, agile team at the centre and to establish external links with other groups when additional skills, stakeholders and decision-makers are needed. ». According to Ed Moyle.
Perhaps the advantage in setting up a response team is that there are no specific requirements for the type of person to be involved. But it means hearing command to always involve the management company, the legal department, physical security, not to mention human resources. It would also be important not to forget to designate "who leads the group. explains the securityOne expert. Indeed, when solving a computer problem it would still be necessary to ensure that you do not face friction. "And this role of team leader provides an unambiguous point of contact for executives, enabling quick decision-making and clear arbitration of disputes. notes Ed Moyle.
The last important point and no doubt have at its disposal people with the necessary skills to understand the use, design and evolution of technologies, applications and even the environment of the technical organization. People who are able to research the clues to identify compromise. It is not out of the question to use external skills if necessary.
Now access an unlimited number of passwords: