Cyber attacks and IT outages threaten every organization. The incidents accumulate and often form the prelude to complex, existence-threatening crises. This book helps not only to manage them, but also to prepare for and prevent cyber crises. With its practical structure, it is ideally suited to day-to-day business for crisis team members, communicators, security, IT and data protection experts. With numerous illustrations and checklists. This book is a translation of the original German 1st edition Cyber Crisis Management by Holger Kaschner, published by Springer Fachmedien Wiesbaden GmbH, part of Springer Nature in 2020. The translation was done with the help of artificial intelligence (machine translation by the service DeepL.com). A subsequent human revision was done primarily in terms of content, so that the book will read stylistically differently from a conventional translation. Springer Nature works continuously to further the development of tools for the production of books and on the related technologies to support the authors.
Author(s): Holger Kaschner
Edition: 1
Publisher: Springer
Year: 2021
Language: English
Commentary: TruePDF
Pages: 230
Tags: Systems And Data Security; Computer Crime; Privacy; Cybercrime
Who This Book Is Aimed at, What It Covers, and How It Is Structured
Target Group
Crisis Management Team, Emergency Organization, and IT Specialist Level
What Actually Is a Crisis?
... and a Cyber Crisis?
Psychology
Coping with (Cyber) Crises
Preparation for (Cyber) Crises
Prevention of (Cyber) Crises
Cleaning Up After (Cyber) Crises
Disclaimer: Governance Systems and (ISO) Standards
Structure of the Book
Contents
1: Textbook Cyber Crises
1.1 Cyber Crisis Re-invented: Sony Pictures Entertainment
1.2 Dramaturgy of Inadequately Managed Cyber Crises
2: First Things First: The Human Factor in the Management of (Cyber) Crises
2.1 Decisions or the Essence of Crisis Management
2.2 Assessments, Behavioral Patterns and Stress
2.2.1 How People Perceive and Assess Situations
2.2.2 Behavioral Patterns and How They Manifest Themselves
2.2.3 Stress and How It Arises
2.2.4 Stress and What We Can Do About It
2.3 Requirements for the Members of the Emergency and Crisis Management Organization
3: Cyber Crisis Response
3.1 Alerting, Escalation, and Notification
3.1.1 Principles and Success Factors
3.1.2 Responsibilities and Processes
3.1.3 Availability or Stand-by Arrangements
3.1.4 Information Channels or: Alerting tools Vs. Telephone Cascades
3.1.5 Escalation Criteria Vs. Responsibility and Error Culture
3.2 Response at Strategic Level
3.2.1 Setting the Course: Initializing the Work of the Crisis Management Team
3.2.1.1 Before We Go into Action: The Get-Out-of-Jail-Free Card
3.2.1.2 Initial Analysis of the Situation or: What´s Going On?
3.2.1.3 Affected Stakeholders or: Who Should We Expect?
3.2.1.4 Thinking Negatively for a Change: What If?
3.2.1.5 From Identification to Assessment: Objective, Objective, and Objective Again
3.2.1.6 The Formal Establishment of the Crisis Case: Houston, We Have a Problem
3.2.2 Managing Cyber Crises in a Structured Way: Crisis Management Process
3.2.2.1 Variant A: Leadership Process
3.2.2.1.1 Situation Assessment: Where Is the Shoe Pinching Most?
3.2.2.1.2 Options and Action Planning: What to Do, Said Zeus?
3.2.2.1.3 Decision and Delegation: Don´t Talk, Act!
3.2.2.1.4 Situation Analysis/Situation Review: Is It Working Yet?
3.2.3 Variant B: FOR-DEC
3.2.4 Crisis Communication
3.2.4.1 Rules of Thumb for Crisis Communication
3.2.4.2 Starting Point: Stakeholder Needs and Distress in Cyber Crises
3.2.4.3 W-Questions of Crisis Communication
3.2.4.3.1 Who Communicates with Whom?
3.2.4.3.2 What Do We Communicate?
3.2.4.3.3 How Do We (Hopefully) Communicate?
3.2.4.3.4 When Do We Communicate?
3.2.4.4 From Bloggers, YouTubers, and Journalists: Limits of German Press Law
3.2.5 From Practice: Strategies in Acute Cyber Crises
3.2.5.1 Victim Care Above All
3.2.5.2 We Ourselves Are Also Victims!
3.2.5.3 Attack Is the Best Defense
3.2.5.4 Putting the Cards on the Table Vs. Refusing to Communicate
3.2.5.5 Getting Out of the Line of Fire
3.2.5.6 Swapping a Scapegoat for an Identification Figure
3.2.5.7 When We Are Blackmailed
3.3 Reaction at Tactical-Operational Level
3.3.1 The Show Must Go on or: Restart of Processes and IT Systems
3.3.1.1 Restart: Critical (Business) Processes
3.3.1.2 Restart: IT Systems and Data
3.3.2 Cybersecurity Incident Response
3.3.2.1 Cybersecurity Incident Response Procedure
3.3.2.2 Rules of Thumb for Cybersecurity Incident Response
4: Cyber Crisis Preparation
4.1 Nothing for Regular Operations or: Emergency and Crisis Organization
4.1.1 The Rescue Team or: CMT
4.1.1.1 The Organizational Framework of the CMT
4.1.1.2 Manning of the CMT
4.1.1.3 The Crucial Question: Who Would Be Better (Not) to Be a Member of the CMT
4.1.2 Situation Center
4.1.3 Communications Staff
4.1.4 Emergency Bodies at the Tactical-Operational Level
4.2 Infrastructures and Tools
4.2.1 Crisis Manual
4.2.2 CMT Room
4.2.3 Templates and Posters
4.2.4 IT-Supported Crisis Management Tools
4.2.5 Alerting Tools
4.2.6 Governance Suites for BCM, IRBC, and ISM
4.2.7 IDS and SIEM Tools
4.3 Logistics Ensure Sustainability
4.4 Preparing for Crisis Communication
4.4.1 Communication Aids
4.5 Practice Creates Masters: Trainings and Exercises
4.5.1 Formats
4.5.2 Training Program
4.6 Create Conditions for the Continuation of Business Operations
4.6.1 Prepare Emergency Operation of (Business) Processes
4.6.1.1 Criticalities and Resources
4.6.1.2 Business Continuity Plans
4.6.2 Enable Restart of IT Systems
4.6.2.1 Technical Solutions
4.6.2.2 Organizational Preparations: Restart Plans and Restore Concepts
4.6.3 Creating a Framework for Cybersecurity Incident Response
4.7 What Works and What Does Not: Tests
4.8 Insurance of Cyber Risks
5: Cyber Crisis Prevention
5.1 Starting with an Analogy
5.2 Danger Recognized, Danger Averted: Awareness
5.3 Early Warning System: Risk Communication, Stakeholder Management, and Issue Management
5.3.1 Stakeholder and Issue Management
5.3.2 Risk Communication (And Its Pitfalls)
5.4 Not Sexy, but Fundamental: Asset Management and Structural Analysis
5.5 Indispensable: Information and IT Security Management
5.5.1 ISM in Fast Forward Mode
5.5.2 Fields of Action for Information Security
5.6 Focus Availability: Continuity Management
5.6.1 Business Continuity Management
5.6.2 IRBC/IT Service Continuity Management
5.7 Cyber Risk Management
5.7.1 Preliminary Work
5.7.2 Risk Assessment
5.7.2.1 Risk Identification
5.7.2.2 Risk Analysis
5.7.2.3 Risk Assessment
5.7.3 Risk Treatment
5.7.4 Acceptance of (Residual) Risks
5.8 Our Cyber Resilience and What It Is Like: Audits
6: Post Crisis Care: Follow Up
6.1 The View Outwards: Repairing Stakeholder Relationships
6.2 The View Inwards: People, Processes, and Technology
6.2.1 Human Factor
6.2.2 Alerting and Escalation
6.2.3 Interaction Between the Levels of the Emergency and Crisis Organization
6.2.4 Strategic Level
6.2.5 Operational Level: BCM and IRBC
6.2.6 Tactical Level: CSIRT and Cybersecurity Incident Response
6.2.7 Crisis Communication
7: At a Glance: Seven Deadly Sins of Cyber Crisis Management
Appendix A: Read More
Appendix B: Abbreviations and Glossary
Index
