How an Organization Can Set Up an Effective Crisis Management Culture to Be Prepared for Cyber Security Incidents

Submitted by

BiennaM

When a breach occurs and systems are compromised, with data stolen or modified, it hits hard, like a winter storm. For big organizations, it takes on the nature of a blizzard if the stolen data is personally identifiable information, protected health information, or sensitive corporate data such as R&D data that might be worth millions and on which the very existence of such organizations may depend. This is usually accompanied by a huge public outcry, with legal and other implications.

In organizations that have prepared to deal with breaches or hacking incidents as crises, employees and management remain calm and confident when a breach occurs, fully aware that a Crisis Management Team (CMT) is in place that knows how to handle an incident and goes to work immediately. Organizations that have been dealing with crises and crisis management for a while have gotten pretty good at it. Yet when an organization fails at it, there can be dramatic consequences: in recent times, many organizations have suffered severe consequences, including drops in stock price, because of a poor response to breaches.

The valuable lesson here is that the same crisis management practices, as well as the same negative consequences attached to failure, apply to an organization’s information security today. Information or cyber security teams should pay attention to what well-established, less glamorous city works or emergency departments across the United States do to handle a crisis like ten feet of snow.

To prepare adequately for blizzards, cities do the following:

  • Prepare the cleanup plan in advance
  • Get as much early warning as possible
  • Communicate with the public about how to best protect themselves
  • Handle the incident as it unfolds to reduce loss of continuity

Organizations must replicate these steps and be adequately prepared for crises. The following are all also hallmarks of a mature cyber security program:

  • The organization has established a crisis management team (CMT) and defined policies and procedures that guide the CMT response, assigning responsibilities to individuals, providing appropriate training, formalizing information flows, and selecting, installing, and understanding the tools used in the response effort. The tools used include emergency preparedness and crisis management plans that… include an accurate contact tree, as well as primary and emergency contact information, for communicating with employees, service providers, vendors, regulators, municipal authorities, and emergency response personnel.
  • The response team includes individuals with a wide range of backgrounds and expertise, from many different areas within the institution (e.g., management, legal, public relations, as well as information technology).
  • The organization has established a CMT response or remediation plan and process that outlines the mitigating actions, resources, and time parameters.
  • The crisis response process includes detailed actions and rule-based triggers for automated response.
  • Methods for responding to and recovering from cyber incidents or crises are tightly woven throughout the organization's disaster recovery, business continuity, and crisis management plans.
  • The organization has a management-approved cyber security roadmap that aligns the CMT.

As a critical success factor, the net effect when all (or most) of these are firmly in place is that the organization’s information security program is proactive in preparing for security incidents, which is proof that the organization is truly mature in the way it reacts to breaches once they arrive.
