Cyber Security Institute

Monday, November 08, 2010

How to have a Disastrous Crisis

It can get better

These are the some things you should do when a crisis occurs if you really want things to go wrong.  (I.e. You don’t want to do these thing)

Panic
Panic can take all sorts of forms:

It can manifest it’s self in a communicative denial where the person or team fails to call in help from other groups or people.  This can be very damaging and costly.  There was one crisis I was brought to perform a post mortem on, where the team had failed to notify the management of a lost laptop. Expensive and wasteful expense.

Just reacting or “shooting from the hip” can cause all sorts of chaos, both short term and long term.

How do you not panic?  Have a plan, have the right people and the right attitude.

Loose focus on the objectives.  Focus on the technologies issues and not the business..
At all times,the following should be the goals of everyone involved: Protecting people, Protecting the environment, Protecting the business

Waste times and resources
Before a crisis occurs, make sure you have a good idea of the people, the capabilities and objectives of the organization.

Focus on the immediate and forget about the long term implications. 
In the heat of the moment, you might be tempted to use an approach that might be ethically unsound Respect the law and regulations, and people.