One aspect of security incident management that I have not seen in the hugely copious documentation (entirely possible that I missed it!!), is mention of the Incident Command System.
In use in the emergency and crisis management spheres, as well as business continuity realm, I would have thought I would hear more about its use among infosec folk.
Does anyone here employ ICS? Do you have crisis cells for when the dirt hits the fan?
Does infosec drive crisis and emergency management, or do you handle it among other groups?
Thanks all for your insights.
In fact, you are right abou the BCM reliance on ICS, especially in USA and Canada. Catastrophic disasters, fires, floods, hurricanes, often call for disparate teams to work together under a unified command.
When everyone is singing from the same hymnal, the music is far less discordant!