3 easy ways to improve your alerting process immediately

by Johannes Ebner

Does your alerting work without a hitch? Are all processes aligned with one another? What can you do to organize the overall process as well as possible? In this post we answer these questions and present 3 ways to improve your alerting process.

1# Rely on standardized processes

The history of standardization is a success story. Uniform standards led to common measures of distance and weight, which in turn made machine parts interchangeable. Your alerting process should also be standardized, so that it brings consistency, clear responsibilities, and effective learning.

Many companies still use the “all hands on deck” approach: everyone is alerted and has to help. This works well for coping with incidents in small companies. In an emergency, however, it is a lot more efficient to have a pre-defined plan. We therefore first need a clear idea of what constitutes an incident, an emergency, and a crisis.

In its crisis manual, the University of Leoben defines an incident as, for example, an accident in the workplace. An emergency is:

“A major damage event that can be limited in terms of time and location but requires coordinated control due to the resources required (internal functions, relief and emergency services). e.g.: prolonged outage as a result of technical defect, assault with casualties, burglary, limited outage of supply and disposal facilities, major disruption of processes, etc.”

A crisis is defined as an incident that entails significantly detrimental consequences.

Individual scenarios should then be worked out for each escalation level. For example, a fire falls into the category “emergency” and large-scale flooding into the category “crisis”. You should work out these two scenarios perfectly. To do this, define clear responsibilities and create step-by-step instructions: if everyone's responsibility and function during a critical event are clear, decisions can be made quickly. The instructions record, for everyone in the company, when and how to react to common events such as accidents or IT incidents.

2# Practice makes your company more resilient

Small companies in particular tend to neglect emergency drills. The adage “practice makes perfect”, despite often causing eye-rolling, makes perfect sense. You discover shortcomings in your system that were overlooked in the planning stage. You discover processes that need to be improved. You and your colleagues prepare to make the right moves in a real incident.

That is why exercises should be held on a regular basis. If this is not possible on a grand scale, try splitting the exercise into smaller units. Another possibility is to act out an event that has just hit another company, e.g. a major fire at a company in your neighbouring region. How would you deal with this event?

3# Learn & share

The learning phase is one of the most important phases after a security incident. Unfortunately, it is often not possible to prevent all critical incidents, but no company should miss the opportunity to investigate them. In addition to the typical procedure, such as collecting information and describing the exact course of events, the causes should be investigated in detail. The 5-why method is particularly suitable for this.

The 5-why method is a tool from quality management. The aim is to find the cause of a problem. By constantly asking “why”, it is possible to think beyond the obvious reasons. In the first step, formulate the problem and then give a step-by-step answer to the “why” questions. Finally, you should come to a clear conclusion as to why an event has occurred and what countermeasures you can take.

Share your findings within the company, with your suppliers and in the security community. By sharing, you give others the chance to learn, you manage your reputation and you keep your supply chain safe.