Principles of Incident Response and Disaster Recovery, 2nd Edition
Chapter 12
Crisis Management and International Standards in IR/DR/BC
Objectives
Describe the role of crisis management in a typical organization
List recommendations for the creation of a plan preparing for crisis management
Discuss issues in dealing with post-crisis trauma
Explain the process of getting people back to work after a crisis
Describe the impact of the decisions regarding law enforcement involvement
Objectives (cont’d.)
Discuss how to manage the crisis communications process
Explain how to prepare for the ultimate crisis in an organization through succession planning
List and describe key international standards in IR/DR/BC
Introduction
Most critical asset: people
Employees, vendors, customers, or neighbors
Crisis response
Often overlooks steps to preserve people
September 11, 2001 attacks
Reinforced notion that people cannot be replaced readily
Such catastrophes set new benchmarks
Disaster management plans
Prepare organization for the impact of loss of people
Crisis Management in the Organization
Crises arrive at organizations
Whether expected or not
Whether or not contingency plans and crisis management preparations are in place
Crisis Terms and Definitions
Institute for Crisis Management (ICM) crisis
Business crisis: significant business disruption
Direct impact on the lives, health, and welfare of an organization and its employees
Typically caused by the same events that cause incidents and disasters (natural and man-made)
Critical difference: potential impact on lives
Crisis Terms and Definitions (cont’d.)
Crises studied by ICM
Result from management not taking action when informed about a problem that will eventually grow into a crisis
Two types
Sudden crisis
Operations disrupted without warning
Smoldering crisis
Problem or situation not generally known inside or outside the organization
Crisis Terms and Definitions (cont’d.)
Crisis management (CM)
Set of actions taken in response to an emergency situation in an effort to minimize injury or loss of life
Emergency situation: isolated or widespread
Emergency response
Actions taken to manage immediate physical, health, and environmental impacts resulting from an incident
Crisis communications
Steps taken to communicate what is happening or has happened to internal and external audiences
Crisis Terms and Definitions (cont’d.)
Humanitarian assistance
Actions taken to meet psychological and emotional needs of various stakeholders
Crisis management planning (CMP)
Process of preparing for, responding to, recovering from, and managing communications during a crisis
CMP process emphasis
Planning function during the “preparing for” stage
Primary guiding document
Crisis management plan (CM plan)
Crisis Misconceptions
Majority of business crises are sudden crises
Reality: significantly more smoldering crises than sudden crises
Crises most commonly the result of employee mistakes or acts of nature
Reality: mostly the direct or indirect result of management actions, inactions, or decisions
ICM crisis categories
Failure of management controls occurs most
Preparing for Crisis Management
Crisis management is prepared for in a manner similar to IR, DR, and BC
Managers deal with crisis regularly
Small and innocuous or large and catastrophic
Successful executive management
Deals successfully with crises
Results from careful planning executed decisively to deal with issues quickly before harm comes to the organization
Promotes strategic organizational objectives
General Preparation Guidelines
Tips to improve CM processes
Build contingency plans, identify teams, train staff, and rehearse scenarios before a crisis occurs
Verify staff members know that only designated crisis management team members represent the company
Plan to react as fast as possible
Ensure you have highest quality plans and processes
Always give complete and accurate information
Adopt the long view and consider long-term effects
General Preparation Guidelines (cont’d.)
Excuses offered for not being prepared
Denial
Deferral or low prioritization
Ignorance
Inattention to warning signs
Ineffective or insufficient planning
Preparation for CM
Follow multistep process used for IR, DR, and BC
Organizing the Crisis Management Team
CM planning committee
Gathers information; lays out future plans
CM planning team
May become the CM operations team
Representation from impacted areas and a champion
CM operations team (CM team)
Staff members engaged in actual response
CM team members: team leader, communications coordinator, emergency services coordinator, others
Head count: process of accounting for all personnel
Crisis Management Team Planning Preparation
Questions stimulate conversation
What kind of notification system do we have or do we need? Is it automated or manual? Is it able to reach all employees or just management and the crisis team during business hours and after business hours? How long does it take?
Do we have an existing CM plan? If so, how old is it, and when was it last used or tested?
What internal operations must be kept confidential in order to prevent embarrassment or damage to the organization? How are we currently protecting that information?
Crisis Management Team Planning Preparation (cont’d.)
Questions stimulate conversation (cont’d.)
Do we have an official spokesperson for the organization? Who is our alternate?
What information should we share with the media if we have a crisis? With our employees?
What crises have we faced in the past? What crises have other organizations in our region faced? In our industry? Have we changed how we operate as a result of these crises?
Answers provide foundation for shaping the CM plan
Answers assist team organization, initial strategies
Crisis Management Critical Success Factors
Leadership
Leaders influence employees
Managers administer resources
Leadership skills
Ability to multitask; rational under pressure
Can express empathy
Uses quick and effective decision making
Able to delegate and use good communication
Ability to prioritize
Crisis Management Critical Success Factors (cont’d.)
Speed of response
If CM plan becomes mobilized in the first hour
Then highest probability of coming out of the crisis with minimal impact exists
A robust plan
Clearly defined, rehearsed, and managed
Provides best possible chance of surviving a crisis
Crisis Management Critical Success Factors (cont’d.)
Adequate resources
Access to funds (cash), communications management, transportation, legal advice, insurance advice and service, moral and emotional support, media management, effective operations center
Funding
Spend what you need, when you need it
Employee assistance programs, including counseling
Travel expenses and employee overtime
Replacement of employee property
Compensation for the injured
Crisis Management Critical Success Factors (cont’d.)
Caring and compassionate response
Need people skills and a demonstrated understanding of employees' personal issues
Provide comfort items
Excellent communications
Keep employees, community, and media informed of events and efforts
Have key personnel undergo media training
Know your stakeholders; keep them apprised
Tell the truth; have information ready to distribute
Express pity, praise, and promise
Developing the Crisis Management Plan
Document specifying roles and responsibilities of individuals
Purpose
Identify individuals to whom the document applies
Crisis management planning committee
Identifies the individuals by name or by position
Defines difference between the planning committee and the operating team
Developing the Crisis Management Plan (cont’d.)
Crisis types
Example: simple method of defining crises
Category 1: Minor damage to physical facilities or minor injury to personnel addressable with on-site resources or limited off-site assistance
Category 2: Major damage to physical facilities or injury to personnel requiring considerable off-site assistance
Category 3: Organization-wide crisis requiring evacuation of organizational facilities, if possible, and/or cessation of organizational functions pending resolution of the crisis
Developing the Crisis Management Plan (cont’d.)
Crisis management team structure
Identifies the CM team and its responsibilities
Individuals who handle the crisis in the event the CM plan is activated
Responsibility and control
CM team leader or an executive-in-charge assumes overall responsibility
Chain of command
List of officials: immediate supervisor to top executive
Executive-in-charge
Ranking executive on-site
Developing the Crisis Management Plan (cont’d.)
Responsibility and control (cont’d.)
Clearly defined executive-in-charge roster
Chief executive officer/president
Senior vice president
Vice president for operations/chief operations officer
Implementation
Plan implementation including contingencies
Provides alternatives for optimal and less than optimal situations
Developing the Crisis Management Plan (cont’d.)
Crisis management protocols
Detailed notification protocol for common crisis or emergency events
Include whom to contact and when
Event examples
Medical emergency
Violent crime or behavior
Political situations
Off-campus incidents; accidents involving employees
Environmental or natural disasters
Bomb threats
Developing the Crisis Management Plan (cont’d.)
Crisis management plan priorities
Details effort priorities for CM team and other responsible individuals
Requires the establishment of general priorities
Each may have subordinate priorities
Appendices
Communications roster
Building layouts or floor plans clearly marked
Emergency exits, fire suppression systems, fire extinguishers, emergency equipment
Planning checklists detailing who prepares what
Developing the Crisis Management Plan (cont’d.)
Sample CM plan
Available in book’s Opening Case Scenarios and Ongoing Cases
Included in Appendix C
Crisis Management Training and Testing
CM training follows same blueprints and procedures of IR, DR, and BC
Desk check, talk-throughs, walk-throughs, simulation, and other exercises
Use on a regular basis
Helps prepare for crises
Helps keep the CM plan up to date
Emergency roster test
After hours notification tests or alert roster tests
Determine employees' ability to respond
Automated or manual notifications
Crisis Management Training and Testing (cont’d.)
Tabletop exercises
Scenario-driven talk-through
Employees are given a general scenario and sequence of several unfolding events or “injections” and asked to describe how they would respond
Messages can be passed around the table
Simulation
Conduct exercises simulating a crisis
May schedule simulation in conjunction with a fire department training exercise
Works well for small-scale and large-scale events
Crisis Management Training and Testing (cont’d.)
First aid training
Many larger organizations have training and formal procedures to assist first responders
Can be used during crisis-response activities
Have first aid kits and know how to use contents
Routinely check contents
Encourage staff to have first aid and cardiopulmonary resuscitation (CPR) training
Provide easy-to-use heart defibrillators
Crisis Management Training and Testing (cont’d.)
Other crisis management preparations
Elements that can help if CM plan needed
Emergency kits, emergency identification cards, and medical condition notifications
Emergency kits
Provide essential components
Copies of the DR, BC, and CM plans, laminated checklist of preliminary CM steps, laminated map with marked assembly areas and shelters, laminated card with emergency numbers, flashlights, reflective vests, warning triangle, caution tape, first aid kit with rubber gloves, clipboard, notepad, pens, markers, spray paint
Crisis Management Training and Testing (cont’d.)
ID cards
Provide a crisis management identification card
Provides quick reference for critical CM information
Provides critical personal information
Medical alert tags and bracelets
Consider the protection of personal privacy
May be necessary to ask employees about any medical conditions to consider during crisis
Covered in part with the emergency ID cards
Consider use of medical alert tags or bracelets
Post-crisis Trauma
Anyone can suffer severe traumatic episode side effects
Look out for the well-being of all individuals
Not just those directly affected by the crisis
Posttraumatic Stress Disorder
Posttraumatic stress disorder (PTSD)
Shell shock, battle fatigue, or battle neurosis
Widely recognized psychiatric disorder
Make preparations for the fallout from PTSD
Employee Assistance Programs
Employee assistance program (EAP)
Part of health benefits or contracted out as needed
Provides counseling services
Assist employees in coping with the changes in life resulting from surviving a crisis
EAPs fill the need to talk through issues that people are unable to deal with on their own
Humanitarian response team as part of CM team
Counselors, legal aids, medical professionals, interpreters
Immediately after the Crisis
Assembly areas used to gather employees
Use automated notification systems, supervisor head counts, and buddy system to account for employees
Formally release personnel after accounted for
Resist urge to move employees out as quickly as possible
Before employees released
Hold one final information briefing
Provide an overview of what happened, who was affected, and what the next course of business will be
Immediately after the Crisis (cont’d.)
Dealing with families
CM plan should prepare organization’s management and staff to interact with family members
Especially if serious injury or loss of life occurred
May require professional assistance
Legal counsel, grief counselors, and employees formally trained to deal with these situations
Follow up with employees receiving medical care at clinics or hospitals
Getting People Back to Work
Conduct a briefing of all employees, either directly or through managers and supervisors
Without facts, rumor mill will run rampant
Use internal counseling sessions (individual and group)
Mixed opinions about debriefing activities
Some PTSD research indicates
Debriefing process itself may exacerbate problems experienced following a stressful event
Use skilled crisis-management professionals to monitor and follow up on the affected workforce
Dealing with Loss
Result of death or serious injury or an unwillingness to return to the workplace
Skills and organizational knowledge may be lost
Use cross-training, job and task rotation, and redundancy to help
Cross-training
Process of ensuring that every employee is trained to perform at least part of the job of another employee
Dealing with Loss (cont’d.)
Job and task rotation
Job rotation
Movement of employees from one position to another so they can develop additional skills and abilities
Horizontal job rotation
Movement of employees among positions at the same organizational level rather than through progression and promotion
Task rotation
Functionally similar to job rotation but only involves the rotation of a portion of a job
Dealing with Loss (cont’d.)
Personnel redundancy
Provides assurance in the coverage of critical skills and knowledge
Personnel costs: large business expenses
Redundant personnel
Individuals hired above and beyond the minimum number of personnel needed to perform a business function
May not be the best option for all businesses
Law Enforcement Involvement
Contact law enforcement during a crisis
Officers have been trained in skills specifically geared to CM
Crowd control, search and rescue, first aid, physical security
Dial 911 in the United States and Canada
Dial 999 in other countries
Level of involvement may escalate quickly
Through state investigative agencies to federal agents and officers
Federal Agencies
Federal agencies involved in a crisis
Dependent on the type and scope of the crisis
Department of Homeland Security (DHS)
Federal agency most specifically organized to handle crises: (http://www.dhs.gov)
Especially threats to the safety of U.S. citizens and potential damage to infrastructure
DHS and FEMA sponsor a public education site to provide information on preparing for crisis
http://ready.gov
Federal Agencies (cont’d.)
Federal Emergency Management Agency (FEMA)
Stated mission
“To support our citizens and first responders to ensure that as a nation we work together to build, sustain, and improve our capability to prepare for, protect against, respond to, recover from, and mitigate all hazards”
Provides many services
Service to disaster victims, integrated preparedness, operational planning and preparedness, incident management, disaster logistics, hazard mitigation, emergency and public disaster communications, continuity programs
Federal Agencies (cont’d.)
Secret Service
Dual mission
Protect high-level politicians
Investigating crimes related to financial securities
Federal Agencies (cont’d.)
Federal Bureau of Investigation (FBI)
Mission
“To protect and defend the United States against terrorist and foreign intelligence threats and to enforce the criminal laws of the United States”
Assigned jurisdiction over more than 200 categories of federal law
Counterterrorism, counterintelligence, cybercrime, public corruption, civil rights violations, organized crime, white-collar crime, and major thefts and violent crimes
Crime crossing state lines becomes a federal matter
Federal Agencies (cont’d.)
Federal hazardous materials agencies
Trained to deal with radiological, biological, or chemical threats (terrorist or accidental)
Assist to contain contamination and restrict exposure
Incidents resulting from transportation accident: handled by the Department of Transportation’s Office of Hazardous Materials Safety
Criminal or terrorist act: handled by DHS and/or FBI
Radioactive materials handled by U.S. Department of Energy’s Nuclear Emergency Response Team
State Agencies
State agencies work with trade associations, individual businesses, and local governments to assist both in emergency preparations and in actual crisis management
State emergency management agency
State EMA and/or State DHS
State level point of interaction with the federal DHS and FEMA
State agencies may:
Be aligned with U.S. DHS functions and roles
Have corollary relationships with state FEMA agencies
State Agencies (cont’d.)
State investigative services
State bureau of investigation (SBI)
State version of the FBI
May be associated with the state highway patrol
May be in a separate agency
SBI arrests suspects, serves warrants, enforces laws that regulate property owned by the state or any state agency, and assists local law enforcement officials
State hazardous materials agency
Team prepared to handle emergency spills from trucks, trains, and aircraft
Local Agencies
Local law enforcement enforces all local/state laws
Handles suspects and secures crime scenes for state and federal cases
Police special weapons
SWAT (special weapons action team)
SORT (special operations response team)
Elite officers with extensive training in special weapons and tactics
Bomb detection and removal: deal with incendiary, explosive, contaminating devices
Managing Crisis Communications
Essential for keeping organization together and functioning during and after a crisis
Managed communication occurs between crisis team, management, and employees.
Unmanaged communications
Beyond the control of the organization altogether
Communications with law enforcement, emergency services, and especially the media
Crisis Communications
Jonathan Bernstein of Bernstein Crisis Management, LLC offers 11 steps of crisis communications
See pages 511-515
Avoiding Unnecessary Blame
Unfortunate consequence of any crisis
Human need to place blame
Media often seeks to assign responsibility
Accountability appropriate if negligence is a factor
Fault
Occurs when management had a responsibility to do something in line with due diligence or due care, but didn’t do anything or did the wrong things
Blame
Human response dealing with the inexplicable travesty associated with loss – loss of life, limb, or property
Avoiding Unnecessary Blame (cont’d.)
Examine your vulnerabilities
Look for crisis events that could be interpreted as blameworthy
Start with the BIA and then move through the CM plan
Manage outrage to defuse blame
For natural or human emergency
Must demonstrate that you were prepared; can go a long way toward warding off blame
To defuse outrage, seek and accept responsibility for the event
Avoiding Unnecessary Blame (cont’d.)
Questions to help avoid blame
Should you have foreseen the incident and taken precautions to prevent it?
Were you unprepared to respond effectively to the incident after it occurred?
Did management do anything intentionally causing the incident to occur or that made it more severe?
Were you unjustified in the actions you took leading up to and following the incident?
Is there any type of scandal or cover-up related to your involvement in the incident?
Succession Planning
Succession planning (SP)
Process enabling an organization to cope with any loss of personnel
With a minimum degree of disruption to the functionality of the organization
Predefine the promotion of internal personnel usually by position
Elements of Succession Planning
SP widely recognized as an essential executive-level function
Must be carefully managed
Dr. Beitler’s approach: six-step model
Alignment with strategy
SP must maintain its alignment with the other planning initiatives that take place within an organization
Identifying positions
Identify the key positions to include
Identifying candidates
Use a subjective assessment of individuals
Elements of Succession Planning (cont’d.)
Dr. Beitler’s approach: six-step model (cont’d.)
Developing successors
Have career skill-building development plans defined by managers and HR Department
Integration with routine processes
For maximum SP process success, it must be operated by the line managers who form the core of the organization’s executive team
Balancing SP and operations
Managers must be accountable for planning, organizing, leading, and controlling SP activities
Succession Planning Approaches for Crisis Management
Organizations lacking an SP process
Must include provisions for dealing with losses in key positions
A more complete CM plan should include a more complete approach to SP
Must decide the degree of visibility that the SP process will have within the organization
Visibility (transparency)
Degree of information about the SP that members have prior to their need to know about it
Succession Planning Approaches for Crisis Management (cont’d.)
Operationally integrated succession planning
More visible approach
Fully developed as a supervisory process in the organization
Fully integrated into the routine management processes of the organization
Well known to the current incumbents of key positions
Well known to potential successors to those key positions
No need to make special provisions for SP when integrating the process into contingency
Succession Planning Approaches for Crisis Management (cont’d.)
Crisis-activated succession planning
Concealed version of SP
Reasons
Desire to avoid alarming organization members
Desire to avoid revealing critical information to competitive intelligence gatherers
Must develop contingent SPs using less open methods than an integrated plan would use
Mechanisms for backfilling vacant key positions
Must become part of the CM operational plan
International Standards in IR/DR/BC
Number of U.S. and international standards
Provide guidance for various certifications and implementation
United States: guidance of the NIST series
NIST Standards and Publications in IR/DR/BC
Primary guide for IR
SP 800-61 Revision 2, Computer Security Incident Handling Guide
http://csrc.nist.gov/publications/drafts/800-61-rev2/draftsp800-61rev2.pdf
Primary document for DR and BC
SP 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems
http://csrc.nist.gov/publications/nistpubs/800-34-rev1/sp800-34-rev1_errata-Nov11-2010.pdf
ISO Standards and Publications in IR/DR/BC
ISO: develops and publishes international standards
ISO/IEC 27031:2011
ISO standard focusing on the IT aspects of IR and BC
Describes elements of information and communication technology (ICT) readiness activities
ISO 22301:201
ISO standard specifying what must be done to implement a BC management system (BCMS)
ISO Standards and Publications in IR/DR/BC (cont’d.)
ISO 22320:2011
ISO’s primary standard for crisis management
Helps organizations respond to disasters, social disruptions, or other significant incidents
ISO/IEC 24762:2008
Gives guidance to ICT organizations on the specifics of DR within the broader BC process.
Specifies how to prepare and use DR services and pre-position facilities as well as identify what capabilities a qualified DR service provider should be able to deliver
Other Standards and Publications in IR/DR/BC
ASIS
1955: American Society for Industrial Security
2002: changed name to ASIS International
Standards
Organizational Resilience: Security, Preparedness and Continuity Management Systems – Requirements with Guidance for Use Standard (2009)
ASIS/BSI Business Continuity Management Standard (2010)
Business Continuity Guideline: A Practical Approach for Emergency Preparedness, Crisis Management, and Disaster Recovery (2005)
Other Standards and Publications in IR/DR/BC (cont’d.)
BSI
British Standards Institute (BSI)
Father of many international standards
ISO 27000 series, ISO 9000 series, ISO 14000
Standards
PD 25666:2010, Business Continuity Management: Guidance on Exercising and Testing for Continuity and Contingency Programs – PD 25666
Other Standards and Publications in IR/DR/BC (cont’d.)
BSI (cont’d.)
Standards (cont’d.)
PD 25111, Business Continuity Management: Guidance on Human Aspects of Business Continuity Management – PD 25111
BS 25999, Business Continuity Management – BS 25999
BIP 0064: 2007, Information Security Incident Management: A Methodology
PAS 200, Crisis Management: Guidance and Good Practice
Other Standards and Publications in IR/DR/BC
FFIEC
Federal Financial Institutions Examination Council (FFIEC) IT Examination Handbook InfoBase
http://ithandbook.ffiec.gov/it-booklets/business-continuity-planning.aspx
Provides additional information on a range of community topics
Risk management, IR, and CM
Summary
Crisis: significant business disruption
Sudden and smoldering
Crisis management (CM): actions taken to minimize injury or loss of life
Crisis planning committee: include representatives of all appropriate departments and disciplines
CM team members handle the crisis response
Critical CM success factors
Leadership, response speed, robust plan, adequate resources, funding, caring and compassionate response, and excellent communications
Summary (cont’d.)
CM team uses policy and plan document
CM Training exercises
Emergency roster test, tabletop exercises, simulation
Other efforts: emergency kits, emergency identification cards, medical condition notification
Cross-training, job and task rotation, redundancy
Deal with unavailable staff
Contact law enforcement and other agencies
SP allows coping with the loss of key personnel
Standards and supporting documents exist