One example of a company needing a unified crisis response, with a GSOC deploying an interactive crisis communications network, is when a cross-site scripting vulnerability has been exploited and online customer support functions have been disrupted. Such a scenario might involve a number of business units, such as representatives from the C-suite, IT personnel, customer support, public relations, legal, product managers, and maybe even law enforcement. The response process can be impaired because these business units are unfamiliar with one another.
The scenario presents a number of crucial questions that have to be answered:
- Who needs to be notified and brought together as a team?
- Who is going to contact the team and assemble the team in an organized communications process?
- Who is in charge of addressing the situation and managing the response process?
Having a single point of coordination like a GSOC would put the company in a much stronger, more stable position to respond to a crisis. It would be the GSOC's responsibility to maintain an updated list of personnel and contact information for representatives from the different business units. The GSOC would also be responsible for deploying the alerting function, making sure the right combination of people is contacted to respond to the crisis, and making sure they communicate effectively as a group. Most importantly, the GSOC would be responsible for monitoring the status of the company’s operational functions throughout the process, identifying which devices and processes, physical and cyber, might be impacted by the crisis.
The use of GSOCs and mass notification systems is one of the ways companies are dealing with the challenges posed by the convergence of security today. Other use cases include integrating cyber monitors with alert notification functions. When a breach or cyber attack is captured by multiple monitors, the notification system would automatically activate to immediately alert security responders using out-of-band communications. If the network has to be shut down, an organized response could still take place and information could still be exchanged between responders to address the situation.
In addition, embedding crisis communication notification systems with alerting networks would also support the dissemination and confirmation of IT security advisories by cyber teams in organizations. Lastly, organizations could leverage IP-based notifications as a unified response tool for both cyber and physical security safety drills conducted for compliance purposes to certify a company’s crisis response operations for auditors on behalf of the company’s customers.
In today’s landscape, it is not a question of if you will be hit by a combined cyber and physical crisis that will impact your organization’s operations, but when. Having a unified response to both processes won’t prevent you from getting hit, but it will allow you to recover faster and resume business operations.