Re: Incident Command system (ICS)

j_M007 · ‎10-03-2018

Hello all,

One aspect of security incident management that I have not seen in the hugely copious documentation (entirely possible that I missed it!!), is mention of the Incident Command System.

In use in the emergency and crisis management spheres, as well as business continuity realm, I would have thought I would hear more about its use among infosec folk.

Does anyone here employ ICS? Do you have crisis cells for when the dirt hits the fan?

Does infosec drive crisis and emergency management, or do you handle it among other groups?

Thanks all for your insights.

rslade · ‎10-03-2018

> j_M007 (Contributor II) posted a new topic in Career on 10-03-2018 03:47 AM in

> One aspect of security incident management that I have not seen in
> the hugely copious documentation (entirely possible that I missed it!!), is
> mention of the Incident Command System. In use in the emergency and crisis
> management spheres, as well as business continuity realm, I would have thought I
> would hear more about its use among infosec folk.

I do a bit about it in my incident response planning seminars. You might want to
look more into the business continuity literature, and search for structure of the
emergency operations centre (although there isn't a huge amount there, either).
Most of that would relate to an incident command system, although a lot is going
to depend on your local organizational structure.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
I admire anybody who has the guts to write anything at all.
- E. B. White
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468

j_M007 · ‎10-03-2018

Thanks Rob

In fact, you are right abou the BCM reliance on ICS, especially in USA and Canada. Catastrophic disasters, fires, floods, hurricanes, often call for disparate teams to work together under a unified command.

When everyone is singing from the same hymnal, the music is far less discordant!

rslade · ‎10-03-2018

> j_M007 (Contributor II) posted a new reply in Career on 10-03-2018 01:09 PM in

> In fact, you are right abou the BCM reliance on ICS, especially in
> USA and Canada.

I have, for some time, been trying to get people who are formally in security to
pay attention to BCP, and vice versa. Particularly in regard to ICS and EOC. One
of the best books on security management was written by a strictly physical
security guy: about 85% of it is applicable to infosec management. I've taken a
tool from BCP and, with very minor changes, applied it very effectively to
incident response planning, and then to emergency management, as well.

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
What's nice with GUI is that you see what you manipulate, but
what's bad about GUI is that you can only manipulate what you see.
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468