Organizations frequently have some sort of cyclical systems improvement program in place, yet when we assist with incident response, we routinely see gaps where different departments have isolated some or all of their systems from the overall picture.
Big picture thinking and management is difficult, so it is easy for these lapses in judgement to creep in. But without a unified systems view of the organization, it is impossible to properly manage risk, and at some point that will create a problem. For example, the IT department may have air-tight policy and practices, but if HR is letting the business hire criminals, those policies won’t matter.
Every department and all business aspects are tied together. The business is a unit, it is not silo’s of independent compliance. That’s why we have the “unified scorecard” approach. So when we see compliance programs that assign responsibility downward, we know where to start looking for gaps. All the process improvement in the world won’t help if you don’t have a unified model and consistent performance across the business. We like to engage with clients and help them knit together a unified program so that they are better protected and fully risk aware. Nobody wants to find a blind spot hiding in plain site. Our development of management models to provide this unified front is what helps our clients avoid surprises, so they can go about their business without needing our incident response services.
Cycles, frameworks, metrics, scorecards, visibility. These are things that keep an organization healthy and incident free. No matter which approach you take, make sure its unified.
If you want to stop having unmitigated incidents, call us for a free evaluation. We want to help your business be incident free.