Once C-level support has been obtained, the next critical step is building a standing team that includes security, data center, storage, compliance, legal, risk management, business process, and internal and external communications. Organizations need to break down silos and create an interdisciplinary group that will continue to function as an ongoing entity, continually evolving to meet new threats.
Specific roles include an incident reporter, the person responsible for communicating with stakeholders; a plan manager, whose role is to make sure everyone performs the tasks assigned to them; and an asset manager, who is responsible for securing and protecting critical assets and reporting back on their status throughout the incident.
Step 2: Identify risk — and locate all your data
Identifying risk in a large, distributed enterprise is a complex task. Risks are everywhere, starting with cyberattacks (including insider attacks), and encompass human error, system failures (hardware, software, network), natural disasters, and third-party vulnerabilities associated with supply chains, cloud service providers, and SaaS providers.