Information Security | InfoSec Perception

In the preceding articles in this column, I introduced some of the events of the great storm of 1992 that swept through the Caribbean and part of the south-eastern United States and reviewed some of the valuable lessons learned at that time and how they have improved emergency response in the decades since the early 1990s. Today, I’ll continue with insights from the Master’s of Public Administration program at Norwich University in Vermont, which includes two courses that bring students into detailed discussions of today’s standards.

The second of the two courses in the MPA concentration in Continuity of Government Operations is BC521, “Incident Management and Emergency Response.”

In developing a response plan, you can’t plan for what you don’t understand. And you can’t expect to wait until you are perfect to have a plan! Critical path analysis tells you what absolutely has to be done first and what gets done second and third. The critical path lays out which tasks depend on completing other priorities first. Politics has nothing to do with it: putting something first has to reflect absolute need and dependencies, not feelings of personal worth.

Similarly, continuous process improvement, which is at the core of many US military organizational policies defines thinking about how we work as a priority for everyone. One of the most frustrating responses anyone can receive in an organization after questioning why a procedure is in place is “Well, we’ve always done it that way.” Every aspect of our work should be subject to rational thought, re-evaluation and improvement – and without having to worry that anyone is going to feel personally attacked when the someone raises possibilities for improvement, particularly in designing and refining incident response processes (IRP), business continuity plans (BCP), and disaster recovery plans (DRP). We must practice egoless work as defined in Gerald Weinberg’s famous text,

The organizational position of a person has nothing to do with the possibility of useful contributions for improvement; indeed those with hands-on, direct responsibility for accomplishing specific tasks may have more insight into what works and what doesn’t work than managers at increasing degrees of remove from day-to-day operations.

Continue reading

AllEscortAllEscortAllEscort