The Buck Stops Here

A decision maker is the person who is responsible for making a choice, often a strategically important one, based on various factors. They have the authority and accountability to select a course of action from available options.  You only need to look at Donald Trump's recent actions to see he is clearly the decision maker for government policy in the US. Whether it is the public signing of executive orders or approving the bombing of Iranian targets - like it or not - he calls the shots.

So how does this work for organisations facing a cyber attack?

At Crisis Solutions our cyber based exercises tease out who is making the key decisions such as when to cut connectivity to the outside world and what the process is for taking the necessary actions. Severing connectivity to the outside world is a huge decision with significant impacts to the firm and their customers but also a decision that must be made quickly to prevent further damage. At some organisations the decision sits firmly with the CEO but what if they are unavailable? At others the IT Director will make the call, and some organisations will empower multiple people to immediately sever connectivity if they see signs of a cyber attack or data leaving the organisation. 

Organisations will approach these key decisions in different ways but we always stress the need for speed. Firms must satisfy themselves that they can make decisions without delay to protect their assets and their clients data. Are you clear on who is authorised to make these decisions in your business and does the process for approval ensure swift action?