Tag Archives: Incident Planning

Cultural Differences

I have had the honour of working with the US Secret Service in the past, a role that involved moments of tension, good humour, a fair bit of coffee drinking, and some very intelligent conversations.

One related to the difference of approach to Protection work based on the cultural background of the host country. For a Presidential Visit, the USSS work with the local security teams to agree how the President will be protected – this is a balance between the expectations of the USSS and the local knowledge of the hosts. For example, what is ideal in the US may be problematic for the host country, and a better alternative may be suggested.

Most of this is a pragmatic conversation between experts. Culturally, however, there may be fundamental differences that lead to certain responses.

  • In some countries, if a VIP is attacked they will be moved away from the threat.
  • In other countries, if the VIP is attacked they will be defended at the scene.

Culturally, running away may not be seen as acceptable and to expect it may therefore meet with resistance. The planned response may not be followed.

These cultural differences also exist within companies, especially multinationals or companies formed by mergers, where different teams have different cultures that may, in the event of an emergency, clash with the preplanned corporate responses. In the worst cases, you can find that you are reacting not only to an attacker but also to your own side.

Running exercises to identify the issues is important, as is clearly defining expectations and roles in handling an incident.

Silver Cyber Security Commander is probably one of the greatest job titles I’ve ever had.

Bad things will happen

How you react to them, and whether you manage them or they control you, is a matter of planning, but no one likes to plan for a risk becoming an issue.

Risk Registers are built and Controls are put in place to control the risks. A control, however, only reduces a risk rather than eliminating it completely. There is still a possibility of the events in the risk actually occurring. It is a common failing to believe that identifying a risk and associating a Control with it makes the risk disappear.

Planning for a Controlled Risk actually happening often feels like a worthless activity, and so there is little effort or enthusiasm in performing it. There is also a view that says “We don’t know what will happen (if we did we’d have stopped it happening), therefore we can’t plan for it.” This is largely true, but a general structure and roles in addressing an event can be established.

The aim of an incident response plan is to reduce the opportunity for chaos, enabling a business to recover as quickly as possible and to reduce the losses.

What is in the plan?

  • Pre-agreed Roles and Responsibilities.
  • How the Incident Team is triggered.
  • Who owns the Incident.
  • The support they can call on: Technical and Security experts, Media Relations, Property and Transport.
  • How the Team will Communicate, both between the members of the team and with other stakeholders.
  • What records they will keep.
  • What authority they have.
  • What limitations they will have on funding and resources.

Doesn’t this sound similar to a Business Continuity and Recovery Plan?