Undercover
Extreme Emergency Management
When disaster strikes, CSOs can be geniuses or goats.
By Anonymous
Second, the size of the emergency response plan must be scalable and relative to the risks. Business or security has to avoid the trap of taking a plan too far. For example, at considerable expense we instituted emergency communication hubs and safe havens on every floor of our New York City campuses. As excessive as it sounds, it was agreed that each department and floor on our campuses needs to be able to go to one place for access to news, to receive direction from our emergency management teams and to evacuate if necessary. As a strategic executive, it is the CSO’s responsibility to know his organization and to scale plans appropriately.
Third, the plan to move people to safety during an incident must be in place, communicated to all employees at every company location and drilled consistently and comprehensively. Typically this is the organization’s fire evacuation plan, but there are other conditions where evacuation is not the preferred response. If a company’s decision is to create only one plan, then this “life safety” plan is it and no other plan should precede its development. When an organization commits to an emergency response plan, whether it is limited to a life safety component or with protocols to address various types of emergencies, the organization must commit the proper resources to support it. For example, we’ve committed to placing emergency information centers on every floor of every facility, in employee lounges and copy centers, with detailed response guidelines for employees, as well as detailed graphics of evacuation routes and assembly areas. Additionally, we’ve placed evacuation cards at the fire exits at every facility for employees or visitors to grab on their way out the door.
Last, I will combine the communication network with training and testing because, in my opinion, both these components require a single organization to be responsible and accountable for their development and maintenance. And I believe strongly that security is the ideal team to be responsible and accountable.
The communication network is a living document that is readily updated and incorporates all the necessary contact numbers for the members of the organization who participate in the plan. It’s key that it be kept current. Security should work closely with the organization’s IT team to introduce a call network technology that prompts the participants in the plan to update their information regularly; this will be available through the company’s intranet and also via an Internet portal. Right now, our communication network has contact information for more than 300 participants around the world, who update their data monthly through a Web-based tool.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- A Security Blueprint Delivered From within the Network
- Understanding Data Location is Imperative for Data Loss Prevention
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
