Welcome!

Blog Feed Post

Who Handles the Call?

In today’s integrated digital economy, the IT infrastructures at most corporations can no longer exist in silos. The overwhelming benefit of integration is the rapid development of new ideas and solutions. The unfortunate downside is that increased integration and connectivity also places our respective organizations at risk for cyber attacks, computer viruses, and infrastructure problems which affect us and the users we serve.

It is imperative that organizations invest in measures to secure their systems and safeguard their data and that of their customers. Organizations must also have a well-defined incident response plan in place before something happens. The hours following the detection of a breach or other customer-impacting incident shouldn’t include wasting time finding a person to head up a response team and determine who needs to be involved. What is needed is a comprehensive incident response plan, developed ahead of time as a holistic response, involving all key aspects of the company’s leadership.

How Comprehensive Does Your Team Need to Be?

https://www.pagerduty.com/wp-content/uploads/2017/04/whohandlesthecall-1... 150w, https://www.pagerduty.com/wp-content/uploads/2017/04/whohandlesthecall-2... 247w, https://www.pagerduty.com/wp-content/uploads/2017/04/whohandlesthecall-1... 178w, https://www.pagerduty.com/wp-content/uploads/2017/04/whohandlesthecall.png 813w" sizes="(max-width: 385px) 100vw, 385px" />When putting together an incident response team, it should obviously include representatives from IT Infrastructure, Development, and Quality Assurance. But there are a number of other functions which should be represented as well:

  • Company Leadership
  • Public Relations
  • Legal
  • Human Resources
  • Customer Service
  • Risk Management

An incident response team should be responsible for overseeing and directing an organization’s response to an incident, but they should also be tasked with reducing risk and preventing incidents before they happen. Formation of the team should focus first on developing an appropriate response plan, and then move toward implementing measures to prevent incidents from happening. Let’s look at each function to determine why and how different departments should be involved in preventing and responding to incidents.

Company Leadership

Buy-in from company leadership at the very highest levels is essential to the creation and successful operation of an incident response team. Buy-in will allow for proper support and ensure alignment with the team across all aspects of the organization. Leadership involvement is also key in the follow-up of any incident. Alignment of leaders and the business in response to an incident is critical to being effective and responding as quickly as possible.

Public Relations

Following an incident, the public relations representative will be the primary point of contact between the company and users. Key responsibilities in preparation for this are the development of comprehensive information-disclosure policies and working with other teams to develop responses to possible scenarios to specific types of incidents.

Legal

As the team responsible for overseeing contracts and company liability, Legal has a key role in developing a legal framework for employees and others who work with the company to ensure that reasonable measures are taken to protect the integrity of the company’s data and intellectual property. In the period immediately following an incident, Legal leads the efforts to determine company liability and ensure that legal obligations with respect to disclosure and notification are handled appropriately.

Human Resources

During the initial development of the incident response team, HR has the responsibility to ensure that the right people are in place, whether they come from within the company, or they’ve  been recruited outside the organization.

HR also has a responsibility to work with the other teams to develop employee policies surrounding access to sensitive data, as well as educating employees about those policies and enforcing them as necessary.

Customer Service

As an outward facet of the company, customer service teams are in a prime position to identify and report potential threats to the company, as well as create a clear line of communication on incident status to users. In addition, they should be familiar with existing information-disclosure policies, and understand when an incident should be escalated and to whom. Representatives should also be intimately aware of data security requirements and potential threats that they may face in working with external users.

Risk Management

Finally, the risk management team is responsible for working with the computer security team to develop and implement policies which outline best practices to identify and mitigate risks before they become incidents. They should also work with other teams to develop and conduct vulnerability assessments, as well as identify and monitor threat detection metrics to function as an early warning system for potential incidents.

Strong Defense Allows for an Effective Offense

Incident response isn’t just the responsibility of the IT Department. While IT does play a critical role in the response team, it is the concerted effort of all teams across an organization that allows for the appropriate, unified, and coordinated response to an incident. Once a company has developed a strong defensive strategy for handling incidents, they should then turn their focus towards identifying risks and mitigating them before incidents even occur.

 

The post Who Handles the Call? appeared first on PagerDuty.

Read the original blog entry...

More Stories By PagerDuty Blog

PagerDuty’s operations performance platform helps companies increase reliability. By connecting people, systems and data in a single view, PagerDuty delivers visibility and actionable intelligence across global operations for effective incident resolution management. PagerDuty has over 100 platform partners, and is trusted by Fortune 500 companies and startups alike, including Microsoft, National Instruments, Electronic Arts, Adobe, Rackspace, Etsy, Square and Github.

Latest Stories
Containers are rapidly finding their way into enterprise data centers, but change is difficult. How do enterprises transform their architecture with technologies like containers without losing the reliable components of their current solutions? In his session at @DevOpsSummit at 21st Cloud Expo, Tony Campbell, Director, Educational Services at CoreOS, will explore the challenges organizations are facing today as they move to containers and go over how Kubernetes applications can deploy with lega...
In his session at 21st Cloud Expo, Raju Shreewastava, founder of Big Data Trunk, will provide a fun and simple way to introduce Machine Leaning to anyone and everyone. Together we will solve a machine learning problem and find an easy way to be able to do machine learning without even coding. Raju Shreewastava is the founder of Big Data Trunk (www.BigDataTrunk.com), a Big Data Training and consulting firm with offices in the United States. He previously led the data warehouse/business intellige...
Today most companies are adopting or evaluating container technology - Docker in particular - to speed up application deployment, drive down cost, ease management and make application delivery more flexible overall. As with most new architectures, this dream takes significant work to become a reality. Even when you do get your application componentized enough and packaged properly, there are still challenges for DevOps teams to making the shift to continuous delivery and achieving that reducti...
We all know that end users experience the Internet primarily with mobile devices. From an app development perspective, we know that successfully responding to the needs of mobile customers depends on rapid DevOps – failing fast, in short, until the right solution evolves in your customers' relationship to your business. Whether you’re decomposing an SOA monolith, or developing a new application cloud natively, it’s not a question of using microservices – not doing so will be a path to eventual b...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that Ryobi Systems will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ryobi Systems Co., Ltd., as an information service company, specialized in business support for local governments and medical industry. We are challenging to achive the precision farming with AI. For more information, visit http:...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
As you move to the cloud, your network should be efficient, secure, and easy to manage. An enterprise adopting a hybrid or public cloud needs systems and tools that provide: Agility: ability to deliver applications and services faster, even in complex hybrid environments Easier manageability: enable reliable connectivity with complete oversight as the data center network evolves Greater efficiency: eliminate wasted effort while reducing errors and optimize asset utilization Security: imple...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
The next XaaS is CICDaaS. Why? Because CICD saves developers a huge amount of time. CD is an especially great option for projects that require multiple and frequent contributions to be integrated. But… securing CICD best practices is an emerging, essential, yet little understood practice for DevOps teams and their Cloud Service Providers. The only way to get CICD to work in a highly secure environment takes collaboration, patience and persistence. Building CICD in the cloud requires rigorous ar...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
Companies are harnessing data in ways we once associated with science fiction. Analysts have access to a plethora of visualization and reporting tools, but considering the vast amount of data businesses collect and limitations of CPUs, end users are forced to design their structures and systems with limitations. Until now. As the cloud toolkit to analyze data has evolved, GPUs have stepped in to massively parallel SQL, visualization and machine learning.
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...