𝗧𝗵𝗲 𝗛𝘂𝗺𝗮𝗻 𝗖𝗼𝘀𝘁 𝗼𝗳 𝗖𝗿𝗶𝘀𝗶𝘀 𝗥𝗲𝘀𝗽𝗼𝗻𝘀𝗲 - Revamp and Revise your Incident Response Plan (pt 1)

A few weeks ago, I participated in a tabletop exercise at the MM-ISAC conference that simulated a major security incident. While the exercise was valuable, it highlighted a crucial gap in many incident response plans (IRPs): 𝘁𝗵𝗲 𝗵𝘂𝗺𝗮𝗻 𝗰𝗼𝘀𝘁.

We swapped stories about war room experiences, fueled by energy drinks and chips, with people sleeping on office floors and missing family time. Sadly, one participant mentioned a recent incident triggering an attempted employee suicide.

This is unacceptable. 𝗖𝗿𝗶𝘀𝗶𝘀 𝗰𝗼𝘂𝗻𝘀𝗲𝗹𝗼𝗿𝘀 𝘀𝗵𝗼𝘂𝗹𝗱 𝗯𝗲 𝗿𝗲𝗮𝗱𝗶𝗹𝘆 𝗮𝘃𝗮𝗶𝗹𝗮𝗯𝗹𝗲 𝘁𝗼 𝘀𝘂𝗽𝗽𝗼𝗿𝘁 𝘁𝗵𝗲 𝗖𝗿𝗶𝘀𝗶𝘀 𝗠𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗧𝗲𝗮𝗺 (𝗖𝗠𝗧) 𝗮𝗻𝗱 𝗮𝗹𝗹 𝗮𝗳𝗳𝗲𝗰𝘁𝗲𝗱 𝗲𝗺𝗽𝗹𝗼𝘆𝗲𝗲𝘀, 𝗯𝗼𝘁𝗵 𝗱𝘂𝗿𝗶𝗻𝗴 𝗮𝗻𝗱 𝗮𝗳𝘁𝗲𝗿 𝘁𝗵𝗲 𝗶𝗻𝗰𝗶𝗱𝗲𝗻𝘁. IRPs must also include clear scheduling guidelines with mandatory breaks and rest periods for CMT members.

𝗘𝗺𝗲𝗿𝗴𝗲𝗻𝗰𝘆 𝗿𝗲𝘀𝗽𝗼𝗻𝘀𝗲 𝘁𝗲𝗮𝗺𝘀 𝗮𝗹𝗿𝗲𝗮𝗱𝘆 𝗽𝗿𝗶𝗼𝗿𝗶𝘁𝗶𝘇𝗲 𝘁𝗵𝗲 𝘄𝗲𝗹𝗹-𝗯𝗲𝗶𝗻𝗴 𝗼𝗳 𝘁𝗵𝗲𝗶𝗿 𝗼𝗽𝗲𝗿𝗮𝘁𝗼𝗿𝘀. As the security industry matures, we need to extend this respect to our front-line cybersecurity defenders. In a climate where anxiety disorders are rising among young workers (63% increase*), IRPs must prioritize the mental health of the CMT and all impacted employees.

Let's build a more resilient and humane security industry. Let's ensure IRPs acknowledge and address the human cost of crisis response.

*𝘏𝘺𝘥𝘦, 𝘌. 𝘒. 𝘖. &. 𝘌. (2023, 𝘖𝘤𝘵𝘰𝘣𝘦𝘳 30). 𝘛𝘩𝘦 𝘙𝘪𝘴𝘦 𝘰𝘧 𝘈𝘯𝘹𝘪𝘦𝘵𝘺 𝘢𝘯𝘥 𝘋𝘦𝘱𝘳𝘦𝘴𝘴𝘪𝘰𝘯 𝘢𝘮𝘰𝘯𝘨 𝘠𝘰𝘶𝘯𝘨 𝘈𝘥𝘶𝘭𝘵𝘴 𝘪𝘯 𝘵𝘩𝘦 𝘜𝘯𝘪𝘵𝘦𝘥 𝘚𝘵𝘢𝘵𝘦𝘴 - 𝘉𝘢𝘭𝘭𝘢𝘳𝘥 𝘉𝘳𝘪𝘦𝘧. 𝘉𝘢𝘭𝘭𝘢𝘳𝘥 𝘉𝘳𝘪𝘦𝘧. 𝘩𝘵𝘵𝘱𝘴://𝘣𝘢𝘭𝘭𝘢𝘳𝘥𝘣𝘳𝘪𝘦𝘧.𝘣𝘺𝘶.𝘦𝘥𝘶/𝘪𝘴𝘴𝘶𝘦-𝘣𝘳𝘪𝘦𝘧𝘴/𝘵𝘩𝘦-𝘳𝘪𝘴𝘦-𝘰𝘧-𝘢𝘯𝘹𝘪𝘦𝘵𝘺-𝘢𝘯𝘥-𝘥𝘦𝘱𝘳𝘦𝘴𝘴𝘪𝘰𝘯-𝘢𝘮𝘰𝘯𝘨-𝘺𝘰𝘶𝘯𝘨-𝘢𝘥𝘶𝘭𝘵𝘴-𝘪𝘯-𝘵𝘩𝘦-𝘶𝘯𝘪𝘵𝘦𝘥-𝘴𝘵𝘢𝘵𝘦𝘴