Welcome to NBlog, the NoticeBored blog

I may meander but I'm 'exploring', not lost

Sep 29, 2006

Awareness module on IT incident management

October's NoticeBored Classic information security awareness module is about information security/IT incidents - how they are identified, reported, analyzed, contained, resolved and closed out. We encourage organizations to conduct Post Incident Reviews routinely on all significant incidents, not to apportion blame but to identify control improvements and, most importantly, make sure someone is identified to "own" the corrective actions arising. This is a typical learning loop leading to continuous improvement, yet so often thigs are just left drifting after the dust has settled on an incident. Perhaps it's a maturity thing. I've witnessed first-hand quite a range of responses to serious infosec breaches, ranging from "headless chicken mode" to "stay calm, everything is under control". The headless chickens were far too disorganized to consider let alone conduct effective Post Incident Reviews, preferring to continue lurching from breach to breach. If only their stakeholders knew the true state of management!
Incident management links collection here. Further relevant contributions always welcome.