> j_M007 (Contributor II) posted a new topic in Career on 10-03-2018 03:47 AM in
> One aspect of security incident management that I have not seen in > the hugely copious documentation (entirely possible that I missed it!!), is > mention of the Incident Command System. In use in the emergency and crisis > management spheres, as well as business continuity realm, I would have thought I > would hear more about its use among infosec folk.
I do a bit about it in my incident response planning seminars. You might want to look more into the business continuity literature, and search for structure of the emergency operations centre (although there isn't a huge amount there, either). Most of that would relate to an incident command system, although a lot is going to depend on your local organizational structure.
In fact, you are right abou the BCM reliance on ICS, especially in USA and Canada. Catastrophic disasters, fires, floods, hurricanes, often call for disparate teams to work together under a unified command.
When everyone is singing from the same hymnal, the music is far less discordant!
> j_M007 (Contributor II) posted a new reply in Career on 10-03-2018 01:09 PM in
> In fact, you are right abou the BCM reliance on ICS, especially in > USA and Canada.
I have, for some time, been trying to get people who are formally in security to pay attention to BCP, and vice versa. Particularly in regard to ICS and EOC. One of the best books on security management was written by a strictly physical security guy: about 85% of it is applicable to infosec management. I've taken a tool from BCP and, with very minor changes, applied it very effectively to incident response planning, and then to emergency management, as well.