A workplace looks very different during incident response.

  • Incidents are inevitable.
  • Incident response temporarily changes the workplace:
    • Incidents sometimes start with unexplainable behavior.
    • Incidents sometimes start with an external notification.
    • Incidents attract attention and requests for help very quickly.
    • Incidents send some employees home for the day.
    • Incidents operate on incomplete information.
    • Incidents eventually become public.

Preparation is helpful.

  • Create an incident response plan to manage these changes:
    • A rolodex of contacts: law enforcement, forensics, legal, leadership, and PR contacts who can come online quickly and contribute to a response.
    • A template for collaboration: Incidents are often about managing uncertainty. What questions do we still have? Who is accountable for answering them? What are the short-term emergency actions, and what are the long-term learnings?
    • Approval Points: Who approves an emergency blog post, an email to customers, or a call to law enforcement? Pre-approvals for expected steps will avoid delays and meetings.
    • Internal Communications: Who communicates issues to employees?
  • Your readiness for an incident depends on leading project work.
  • Incident response can be practiced with tabletop exercises.
    • Or, active exercises.
    • Or, red team exercises.