How do you keep cool under pressure? What techniques do you use to keep your team and yourself on track when a crisis hits, be it an attack from the outside or an internal melt-down?
Looking for personal experiences and learning to share for an article in an upcoming issue of the (ISC)2 journal, InfoSecurity Professional.
I'd love to hear from you. You can email me at firstname.lastname@example.org.
@djohns12 I would love to see folks respond to this one here......great topic and potentially great learning tool.
Each team member is different and each has their own "breaking point". That is some folks can handle a lot of stress and not seem to be affected by it while others have a lower pressure point.
Some of the steps that I have used include:
Prior to the event, develop a plan that includes (take a page from Disaster Recovery on this one):
team members (how many teams, whose the A and B teams, etc.)
call lists (sometimes called Call Trees)
lists of critical / emergency contacts (vendors, etc.)
roles/responsibilities for the team members
communication plan (who talks to the media, when, etc.). This includes or should include who the crisis manager is and the reporting structure (sometimes, the crisis manager's boss becomes their employee in times of crisis).
When the event happens (steps are not chronological and can sometimes happen at the same time):
1. Ensure that employees can contact family and that family are okay.....if the family is in trouble, send them home. If they are worried about family you may not get their full attention.
2. Take care of feeding and watering In a crisis, folks will forget about eating/drinking and this can lead to stress. Ensure they take breaks to clear their heads.
3. Enforce the communication plan. Ensure minimal interference with the team (let the techies do what they are best at and keep prying fingers out).
4. Have regularly scheduled checkpoints with the team. Don't hover over the team. (minimizes stress), if they find something they will let you know.
5. Monitor them for stress (each employee has a different stress level). Replace stressed out members or at a minimum, give them a rest break..
6. Set up an automated line to provide information to other staff or even management. This way they are not answering their phones attempting to answers everyone's questions.
7. Keep track of hours so that no one person suffers burnout. Stay within government guidelines.
8. Keep copious notes of what is happening
These are only a few things, hope others chime in on this one on the additional steps that they take.
One of the biggest challenges is ensuring that management declare the Crisis and implement the plan....such that everyone understands who is and who is not in charge. This ensures that folks (who now may be worried about losing their jobs) do not get too stressed. Folks get stressed when they have multiple task managers, ensure the lines of communication are clear.
So what to do, if you don't have a plan? Talk to Senior management immediately, have them assign a point person (that person who is in charge). Remember that point person may have to send folks home depending on the size of the event to ensure coverage.
Okay, I have rambled for a while, anyone else want to add to this one?
PS: Deborah, happy to discuss in greater detail if you would like.