June’s security awareness topic: incidents and disasters

Outline and scope New this month

Scope diagramDespite our best efforts to avoid or prevent incidents and avert disasters, they remain a possibility.  Being prepared puts us in a better position to survive and thrive, keeping essential business processes and systems running despite the event (continuity and resilience), recovering non-essential ones as soon as practicable afterwards (recovery and resumption), and generally coping with whatever comes our way (contingency).

Preparedness means getting ourselves ready in case something unexpectedly goes seriously wrong.  Whereas we may cope perfectly well with relatively minor events, more serious incidents or disasters such as the following require better preparation:

  • Power cuts, surges and dips;
  • Fires, overheating or smoke damage;
  • Floods and leaks;
  • Earthquakes, cyclones, tornadoes, volcanic eruptions or terrible storms;
  • Hacks and social engineering attacks;
  • Overloaded IT systems, out of capacity;
  • Malware infections, spyware, ransomware;
  • Mistakes by system administrators or users, plus “accidents” of all sorts;
  • Essential people unavailable e.g. sick;
  • Failed IT changes or upgrades;
  • Cloud and Internet failures;
  • Serious frauds.

Although we aim to prevent incidents and disasters, there are many risks and our preventive controls are imperfect, hence we can’t guarantee to prevent them all.  We need to be capable of surviving almost any incident or disaster.  While we can’t truly plan for all such eventualities, it is important that we prepare ourselves as best we can through awareness and training (including exercises), continuity and resumption planning and emergency supplies.

 

Module 182 content

 

Learning objectives

The awareness and training module aims to:

  • Introduce and provide background information on information security events, incidents, disasters, responses, business continuity, resilience, recovery, contingency etc.;
  • Expand on the associated incident and disaster management processes, including anticipating, reporting, calmly responding to, resolving and learning from them;
  • Encourage people to spot and report information security concerns, issues, events, incidents and near-misses, promptly.

Think about your learning objectives in this area.  Does your organization have particular issues, challenges, requirements or obligations your awareness program should emphasize in relation to incidents and disasters?  Look critically at your awareness and training content: does it cover the full breadth of the topic?  Is it (literally!) presentable?  Is it professionally crafted to inform and motivate your people?

Get this module

Subscribe to the NoticeBored service to receive the new module, plus further batches of fresh awareness goodies every month.  We offer a wealth of creative materials on a market-leading range of topics making it easy and economic for you to run a world-class security awareness and training program.

Email us to set the ball rolling.  Find out exactly what is provided in the latest pack, and speak to us about getting your security awareness and training program quickly up to speed, for a lot less than you might think.  We’re a small company with a big reputation for quality and innovation. You can be assured of that.

Find out about our next awareness topic in NBlog.

Home > NB this month >

Copyright © 2018 IsecT Ltd.