This is the third in a short series we’re writing for our friends at SurfWatch Labs on applying the Preparedness Cycle to Cyber Risk Management (read parts one and two here).
One approach to supporting preparedness — which we defined as a continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective actions to support effective incident response — is to apply a deliberate process to reduce our risks. That deliberate process is the Preparedness Cycle. As we continue through that Cycle, we now move on to the next step in the process – Organizing and Equipping. I often feel like this step is an unloved child in the preparedness family — frequently glossed over as planning, training, and exercise usually get more attention. In reality, this step is critical and is more present in our day-to-day operations than the rest of the preparedness activities…
There are a lot of great tools and resources out there. Some awesome technology solutions and some great talent. But not all are right for you and your organization and those that work today, may not fit tomorrow as your organization, and the threat environment, change… to the aforementioned idea that, organizing and equipping “includes identifying and acquiring standard and/or surge equipment an organization may need to use when delivering a specific capability,” we need to think of potential areas where we may need enhanced support. Perhaps if we suspect we have malware on our network or if we experience a data breach. Wherever we assess risks that we want to be able to operationally address (as opposed to something we’d accept and address via insurance, for example) and do not have the organic in-house capabilities, we need to be able to surge, with internal or external resources, to meet the potential situation.
To read the complete post, continue to SurfWatch Labs: “Preparedness & Cyber Risk Reduction Part Three: Organize & Equip”
This series is being written by Andy Jabbour, Gate 15’s Co-Founder and Managing Director. Andy leads Gate 15’s risk management and critical infrastructure operations with focus on Information Sharing, Threat Analysis, Operational Support & Preparedness Activities (Planning, Training & Exercise). Andy has years of experience working with partners across the critical infrastructure and homeland security enterprise to support national security and client business needs.